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Lab 1 
Trunks 






Task I 

Shutdown all ports on all tour switches and set the wtp domain name to TST. 








On All Switches 

fconiig)r*int range fD'l - 24 
(conlig- i t-rangc ) £ Sh u l 

(config)#vip domain TST 






Task 2 

Configure the following Host names: 

The first Switch- Cat- 1. 
The second Switch — Cat-2 
The third Switch - Cat- 3 
The forth Switch - Cat-4 






On the first Switch 
Switch(contig)#Hostnamc Cat- 1 

On the Sec unci Switch 

Switch(contig)#Hostnamc Cat-2 
On the Third Switch 
Switch(config)#Hastnamc Cat-3 
On the Forth Switch 
S witc h( co n tig )# H o st n amc C at -4 




c< 
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Task 3 

Configure an 1SL trunk between Cat- 1 and Cat-2 using F 0> 1 9 interface based on the 
following policy: 

Cat-1 - F0T9 -^ this port should be configured into permanent Trunking mode and it 
Should negotiate to convert the neighboring interface into a trunk 

Cat-2 — FO/19 -^ this port should be configured to actively attempt to convert the link to 
A trunk 



On SW I 

Cat.](conf.g)#]ntFGT9 

Cat- 1( con ng- if)rrS witch mode Trunk 

Note you get the following message: 

Command rejected: An interface whose trunk encapsulation is "Auto" can not be configured 
to "trunk" mode. 

The above message can be verified with the following show command: 

Cat- l#Show interface FO 1 9 Switchport 

Name: FaGV 1 9 

Switchport: Enabled 

Administrative Mode: dynamic auto 

Operational Mode: down 

Administrative Trunking Encapsulation: negotiate 

Negotiation of Trunking: On 

t The rest of the output is omitted) 

By default the ports on Catalyst 3560 are set to " Dynamic Auto 1 " this is revealed by the 
"Administrative mode" and the Trunking encapsulation is set to "negotiate 1 ", revealed by 
" Administratis e Trunking Encapsulation' ", when the "Administrative Trunking 
Encapsulation'' is set to negotiate, the Trunking mode can NOT be set to ON. 

'To set the Trunking encapsulation to ISL: 

On Cat-1 

Cat-l(conf.g)#IntFaT9 

Cat-l(config-if)*Switch.port trunk encapsulation isl 
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Cat- l(con%-itV*N» Shutdown 
'I'o verify the configuration: 
On Cat-1 



Cat- lf*Show interface F 1 9 Switchport 

Name: FaD/19 

Switchport: Enabled 
Administrative Mode: dynamic auto 
Operational Mode: down p» 

Administrative Trunk in y Encapsulation: i s 1 

i The rest of J lie output is omitted} 



To configure Cat-1 



Cat-l(con%)#int ftlT9 

Cat- l(conn"g-if)#Switchport mode trunk 

To verify the configuration: 

On Cat-1 

Cat- 1 as how interface FO" 1 9 Switchport 

Name: FaD/ 1 9 

Switchport: Enabled 

Administrative Mode: trunk" 

Operational Mode: down 

Administrative Trunk in <! Encapsulation: isl 

i The rest of the output is omitted) 

Note the "Administrative Mode" is no longer "dynamic Auto" and the Trunking 
encapsulation is set to ISL. 

On Cat -2 

Cat-2(conng)#int FO 19 

C at - 2( co n fig- if)?*Svv itch port mode dynamic desirable 

Cat-2i;coniig-ii)#N[> shut 
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To verify the configuration: 



On Cat-2 



Cat -2# Show interlace F Q 1 9 Switchport 



Name: FaO 19 
Switchport: Enabled 
Administrative Mode: dynamic 




Note the operational mode changed 
from "Down" to "Trunk". 



Operational Mode: Trunk 4 

Administrative Trunk ing Encapsulation: negotiate 

Operational Trunking Encapsulation: is! 

i The rest of the output is omitted) 

Note the mode is set to "Dynamic Desirable" and the "Administrative Trunking 
Encapsulation" is set to "negotiate" and the next line reveals the encapsulation mode that 
this port has negotiated, in this case ISL. 

On Cat-1 



Cat- l#Show interlace trunk 



Port Mode 

Fatly 19 on 



Encapsulation Status 
isl (run king 



Port Mans allowed on t 

FaO 19 1-4094 

Port Mans allowed and active in management domain ~~~y This column reveals the 
)/19 configured Trunking mode 




Port Mans in spanning tree forwarding statc^aTw not pained 

FaO 19 1 j>r \ Note Cal-2 negotiated an ISL 

Trunk, whereas, Cat-1 did not. 
On Cat-2 

Cat-2#Show interlace tru 



Port Mode *"' Encapsulation Status Native v Ian 

FaO '19 desirable n-isl trunking 1 

Port Vlans allowed on trunk 

FaO/ 19 1-4094 
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Port Vlans allowed and active in management domain 
FaO. 19 1 

Port Vlans in spanning tree forwarding state and not pruned 
FaO/ 19 I 






Task 4 

Configure an 1SL trunk between Cat-1 and Cat-2 using FO/20 based on the following 
policy: 

Cat-1 - FO/20 -^ this port should be configured into permanent Trunking mode and it 
Should negotiate to convert the neighboring interface into a trunk 

Cat-2 - FO/20 *^ this port should be configured to negotiate a trunk ONLY if it receives 
Negotiate packets from a neighboring port; this port should never start 
Th c n ego t iatio n proc ess 








On Cat-1 

Cat-l(conng)#int f0'20 
Cat-l(config-if)#Switchport trunk encap isl 
Cat-l(contig-if)r*Switchport mode trunk 
Cat-l(conng-if)#NO shut 

To verify the confix urati on: 

On Cat-1 

Cat- l#Sk>w interface F0'20 Swi ' inc Administrative Mode 




Ad mi n ist rati vc Mode: t iu nk 

1 The rest of the output is omitted) 

Cat- l#Sh inter status | inc FaO 20 

FaO/ 20 nolconnect 1 auto auto 10/ 100BaseTX 

Note just because the output states that this interface is in "not connect" state, it does 
not mean that the interface is not connected to any device, it means that it has not 
detected any signaling from neighboring interface. 


a 
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On Cat-2 

Cat-2(con%)#int ffl'20 

Cat-2(con%-iiV*Switchport mode dynamic auto 
Cat-2(con%-if)#NO shut 

To vL'rit'v the cont'iauratinn: 

On Cat-2 

Cat-2#Shmv inter ft) 20 Switchport Inc Administrative Mode 

Administrative Mode: dynamic auto 

(The rest of the output is omitted) 

Note the "Administrative Trunking Encapsulation" is set to "ISL" on Cat-1, 
whereas, on Cat-2 its set to "negotiate". 

If this task stated that FH/20 on Cat-2 should negotiate JSL ONLY , then, configuring 
"switchport mode dynamic auto" will not suffice and the "Switchport trunk 
encapsulation isl" needs be added to the configuration of Cat-2's FU'''2(). 

On Cat-1 

Cat- lf*Show inter trunk 

Port Mode Encapsulation Status Native vlan 

FaO'19 on isl trunking 1 

FaO.'KI on isl trunking 1 

(The rest of the output is omitted) 

On Cat-2 

Cat-2*Sho\v inter trunk 

Port Mode Encapsulation Status Native vlan 

Fat) 1 19 desirable n-isl trunking I 

FaO'20 auto n-isl trunking 1 

f The rest of the output is omitted) 
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Task 5 

Configure an 1SL Trunk between Cat-! and Cat -3 using FQ'21 interface, These ports 
should be configured to negotiate to eonvert the neighboring interface into an ISL trunk, 
but should NOT be in pennanent tainkmg mode. 



On Both Switches: 

Cat-x(config)#int HI 2 1 

Cat-xfconlig-if)rrSwilehport trunk encapsulation i si 

Cat-x(conng-if)"sv*itdiport mode dynamic desirable 

Cat-x(coniig-if)#NO shut 

To verify the cont'iauration: 

On Cat-1 

Cut- 1-Sliov. inter ffl/21 switehport Ine Administrative Mode 
Administrative Mode: dynamic desirable 

Cat- l"Sho\v inter trunk 

Port Mode Encapsulation Status Native vlan 

Fall 19 on isl trunk ing 1 

FaO/20 on isl trunk ing 1 

Fall' 21 desirable isl tr unking 1 

f The rest of the output is omitted) 

On Cat-3 

Cat-3r*Sho\v inter fl). 21 Switehport Ine Administrative Mode 
Administrative Mode: dynamic desirable 

Cat-3#Show inter trunk 

Port Mode Encapsulation Status Native vlan 

FaO.' 21 desirable isl t run kin y 1 

f The rest of the output is omitted/ 
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Task 6 

Configure an 1SL trunk between Cat- 1 and Cat-3 using FO/22 interface based on the 
following policy: 

Cat-1 — FO/22 "^ this port should be configured to actively attempt to convert the link to 
A trunk 

Cat-3 — FO/22 *^ this port should be configured to negotiate a trunk ONLY if receives 
negotiation packets from a neighboring port; this port should never 
start the negotiation process 



On Cat-1 

Cat-l(config)#intfl)22 

Cat- l(config-if)?*s witch port trunk encapsulation isl 

Cat-](coniig-if!i#swi mode dynamic desirable 

Cat-l(coniig-if)#\0 shut 

On Cat-3 

Cat-3(config)#int fl) 22 

Cat- 3( con tig- if)?* Switch port mode dynamic auto 

Cat-3(config-if)??M) shut 



To verify the configuration: 



On Cat-1 

Cut- l#Show interface fl.1'22 Switchport Inc Administrative Modi* 
Administrative Mode: dynamic desirable 
Cat- 1-Show interface trunk 

Port Mode Encapsulation Status Native v Ian 

FaO/19 on isl trunking 1 

FaO/20 on isl trunking 1 

FaO 21 desirable isl trunking 1 

FaO/22 desirable isl trunking 1 
(The rest of the output is omitted/ 

On Cat-3 
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Cat-3~Show interlace ft)/22 switchport Inc Administrative Mode 

Administrative Mode: dynamic auto 

Cat-3#Show interlace trunk 

Port Mode Encapsulation Status Native vlan 

FaO/21 desirable isl trunking 1 

Fall' 22 auto n-isl trunking 1 

f The rest of the output is omitted) 

If the "Switchport trunk encapsulation ISL" was added to Cat-3'S FO/22 interface, 
the "encapsulation" column in the output of the "Show interface trunk" command 
would have been "isl" and NOT "n-isl" which means negotiated ISL. 



Task 7 

Configure an ISL trunk between Cat- 1 and Cat -4 using F 0/2 3 interlace: these switches 
should be configured into permanent trunking mode and negotiate to convert the 
neighboring interface into a trunk. 



On Cat-1 & Cat-4 

Cat-xfcontig')T*int ft) 23 

Cat-x(conlig-if)nSwitchport trunk encapsulation isl 
Cat-x(contig-if)r*Switehport mode trunk 
Cat-x(conlig-if)#NO shut 



To verify the configuration: 



On Cat-1 

Cat- lfrShow inter Ft) 23 switchport Inc Administrative Mode 

Administrative Mode: trunk 

Cat- l^Show inter trunk 

Port Mode Encapsulation Status Native vlan 

Fat).' 19 on isl trunking 1 

Fat). 20 on isl trunking 1 
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FaO/21 desirable isl tr Lin king 1 

FaO/22 desirable isl trunking 1 

FflO/23 cm isl trunking 1 

(The rest of the output is omitted) 

On Cat-4 

Cat-4#Sh int F0'23 swi I Inc Administrative Mode 

Administrative Mode: trunk 

Cat-4^Sho\v inter trunk 

Port Mode Encapsulation Status Native vlan 

FaO/23 on isl trunking 1 

( The rest of the output is omitted) 



Task 8 

Configure an ISL trunk between Cat-1 and Cat-4 using interface F0'24: these ports 
should NOT use DTP to negotiate a Trunk. 



On Cat-1 

Cat- l(config')«int FO 24 

Cat- If conng-ifi^s witch port trunk encapsulation isl 

Cat-l(config-ifj#sv*itchport mode trunk 

Cat- 1 ( co n fig- if)#sv* itch port nonegotiate 

Cat- 1( con tig- if)#Nc> shut *v 

\ This command disabled DTP, hut it 
On Cat-4 \ MUST be configured after the 

/ "switch port mode trunk'" command 
Cat- l(config)#int FO 24 / 

Cat-l(contig-itV*switchport trunk encapsulation isl 
Cat-l(config-if)r*switchport mode trunk/' 
Cat-](.config-if)#switchport nonegotiate 
Cat-](config-if)#NO shut 

To verify the configuration: 
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On Cat-1 

("nt-tsSh int FO 24 swi Inc Administratis ModL-INegotiation 

Administrative Mode; trunk 
Negotiation of Trunking: PIT 

Cat- l#Show int trunk 



Port 


Mode 


line Lip.'- 


illation 


Status Native vlan 


Fat); 19 


on 


isl 




trunking 1 


FaO/20 


o n 


isl 




trunking 1 


FaO/21 


desirable 


isl 




trunking 1 


FaO 22 


desirable 


isl 




trunking 1 


FaO 23 


on 


isl 




trunking 1 


FaO.' 24 


on 


isl 




trunking 1 


i The rest of the otttf 


ut is omitted) 




On Cat 


-4 








Cat-4*Sh 


int FQ'24 swi | Inc 


Administrative Mode Xcgotiatio n 



Administrative Model trunk 
Negotiation of Trunking: Oil 

Cat -4^ Show int trunk 

Port Mode Encapsulation Status Native vlan 

FaO/23 on isl trunking 1 

Fall' 24 on isl trunking 1 

(The rest of the output is omitted/ 



Task 9 

Configure a Dotlq trunk between Cat-2 and Cat-4 using FO/21 interface based on the 
following policy: 

Cat-2 - FO/21 ~^ this port should be configured into a permanent Trunking mode and it 
Should negotiate to convert the neighboring interface into a trunk 

Cat-4 — FO/2 1 -^ this port should be configured to actively attempt to convert the link to 
A trunk 
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On Cat-2 

Cat-2(config)#IntFU'2] 

Cat-2(config-iiV*Sviitehport trunk encapsulation dotlq 

Cat-2( con fig- if)** Switch mode Trunk 

Cat-2(config-i t>N () Shutdown 

On Cat -4 

Cat-4(config)#int ffl/21 

Cat-4(config-if)#switehport mode dynamic desirable 

Cat-4(config-ii>*NO shut 

To verify the configuration: 

On Cat-2 

Cat-2#Sh int trunk Exc isl 

Port Mode Encapsulation Status Native v Ian 

FaO/21 Ml 802. lq t run king 1 

(The rest of the output is omitted) 

On Cat-4 

Cat-4**Sho\v int trunk exc isl 

Port Mode Encapsulation Status Native vlan 

Fad/ 21 desirable n«802.1q t run king 1 

(The rest of the output is omitted/ 



Task 10 

Configure a trunk hetween Cat-2 and Cat-4 using F0 22 interface; you should use an 
industry standard protocol for the trunking encapsulation hascd on the following policy: 

Cat-2 - FO/22 r^ this port should be configured into permanent Trunking mode and it 
Should negotiate to convert the neighboring interface into a Trunk 

Cat-4 — FO/22 -^ this port should be configured to negotiate a trunk ONLY if receives 
Negotiate packets from a neighboring port; this port should never start 
The negotiation process 
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On Cat-2 




Cat-2(config)#int ft) 22 




C at - 2( co niig-i IV s Switch port trunk t 


.iicap dotlq 


Cat -2( con fig- if)?* Switch port mode t 


runk 


Cat-2(config-if)#N() shut 




On Cat-4 




Cat-4(config)#int ft) 22 




Cat-4(config-if)#5vvi mode dvnamic 


auto 


Cat-4(config-if)#\0 shut 




To verify the configuration: 




On Cat-2 




Cat-2#Sho\v int trunk exc isl 




Port Mode Encapsulation 


Status Native vlan 


FaO/21 on 802. lq 


trunking 1 


Fa(»/22 on 802. lq 


t run kin y 1 


(The rest of the output is omitted) 




On Cat-4 




Cat-4#Sh int trunk exc isl 




Port Mode Encapsulation 


Status Native vlan 


FaO/21 desirable n-802. lq 


trunking I 


FaO/22 auto n-802. lq 


trunking 1 


(The rest of the output is omitted) 





Task I 1 

Configure a Trunk link between Cat -3 and Cat-4 using FQT9 interface. These ports 
should be configured to negotiate to convert the neighboring interface into a dot I q trunk, 
but they should NOT be in permanent trunking mode. 



On Both Snitches: 
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Cat-x(config)#int tiOtlQ 

Cat-xfconfig-if^svMtehport trunk encapsulation dotlq 
Cat-xfconfig-iiVsswitchport mode dynamic desirable 
Cat-x(ajnfig-if)#\0 shut 


To verify the configuration: 




On Cat-3 




Cat-3#sh int trunk cxc isl 




Port Mode Encapsulation Status 
FaO/19 desirable 802. lq t run king 

( The rest of the output is omitted) 


Native vlan 
1 


On Cat -4 




Cat-4frSho\v int trunk Exc isl 




Port Mode Encapsulation Status 
FaO/19 desirable SOllq t run king 
FaO/21 desirable n-802.1q trunking 
FaO/22 auto n-802.1q tmnking 
i The rest of the output is omitted) 


Native vlan 
1 

1 
I 



Task 12 

Configure a Dotlq trunk between Cat-3 and Cat-4 using FO 20 interface based on the 
following policy: 

Cat-3 — FO/20 -^ this port should be configured to actively attempt to convert the link to 
a Trunk. This port should NOT be in permanent tmnking mode. 

Cat-4 - FO/20 -^ this port should be configured to negotiate a trunk ONLY if receives 
Negotiation packets from a neighboring port: this port should never 
start the negotiation process. 



On Cat-3 

Cat-3(config)#int ffl'20 

Cat-3(config-i0r*switchpiirt trunk encapsulation dotlq 
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Cat-3(conng-iiV*swi mode dynamic desirable 

Cat-3(config-if)#NO shut 




On Cat-4 




Cat-4(coniig)#int ffl'20 

C at "4( con tig- if)ff Switch port mode dynamic ant 

Cat-4(contig-it>#N() shut 





I'd verify the ctinfiguration: 




On Cat-3 




Gat-3#Sh int trunk Exc isl 




Port Mode Encapsulation Status 
FaO/19 desirable 802. lq trunking 
FaO/20 desirable 8(12. lq trunking 
(The rest of the output is omitted) 


Native vlan 

I 
1 


On Cat-4 




Cat-4#Sh int trunk exc isl 




Port Mode Encapsulation Status 
FaO/19 desirable 802.1 q trunking 
Fall' 20 auto 802. lq 1 run kin u 
FaO/21 desirable n-802.lq trunking 
FaO/22 auto n-802.lq trunking 
(The rest of the output is omitted) 


Native vlan 



Task 13 

Configure a Dot lq trunk between Cat -2 and Cat-3 using FO/23 interface: these switches 
should be con figured into permanent trunking mode and negotiate to convert the 
neighboring interlace into a trunk. 



On Both Switches: 



Cat- xi co n tig )#in t F 0.' 2 3 
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C at - x(co n tig- ifV*s witch port trunk encapsulation dotlq 
Cat-xfcontig-itySwitehport mode trunk 
Cat-x(coniig-ii)#NO shut 



To verify the configuration: 



On Cat-2 

Cat-2#Sh int trunk cxc isl 

Port Mode Encapsulation Status Native vlan 

FaO/21 on 802. lq trunking I 

FaO/22 on 802. lq trunking 1 

FaO/23 on 802. lq trunking 1 

(The rest of J lie output is o mine tit 

On Cat-3 

Cat-3r*Sh int trunk cxc isl 

Port Mode Encapsulation Status Native vlan 

.'19 desirable 802. 1 q trunking I 

20 desirable 802. lq trunking 1 

Fa/0/23 on 802. lq trunking 1 

(The rest of the output is omitted) 



Task 14 

Configure a Dotlq trunk between Cat-2 and Cat-3 using interface F0 24: these ports 
should NOT use DTP to negotiate a Trunk. 



On Both Switches: 

C at-x( co n fig)#in t F 0/24 

Cat-x(conlig-]f)"Sv%itehport trunk encapsulation dotlq 
C at -x( con tig- if)* Switch port mode trunk 
Cat-x(conng-if)r*Sw heliport noneyotiate 
Cat-x(coniig-it')#\0 shut 

l'o verify the configuration: 
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On Cat 


_2 




Cat-2#Sh 


int trunk 1 cxc isl 




Port 


Mode Encapsulation Status Native vlan 


FaO/21 


on 802. lq tainking 


I 


Fa0/22 


on 802. lq tmnking 


1 


FaO 23 


on 802. lq tmnking 


1 


FaO/ 24 


cm 802.1 q Irunkiny 


1 


(The rest of the output is omitted/ 




On Cat 


-3 




Cat-3#Sho\v int trunk 1 cxc isl 




Port 


Mode Encapsulation Status 


Native vlan 


FaO/ 19 


desirable 802. lq tmnking 


1 


FaO/20 


desirable 802. lq tainking 


1 


FaO/23 


on 802. lq trunking 


i 


F ii(> ' 24 


cm 802. lq (run king 


1 


(The rest of the output is omitted) 





Task 15 

Configure the following VLANs on Cat- 1 and ensure that they arc propagated to the 
other switches: 

VLANs 2- 10. 100, 200, 300, 400. 120, 130. 140.230. 240. and 340 



On Cat-1 

Cat- 1 (config)#vlan 2- 10, 100,200,300,400, 1 20, 1 30, 140,230,240,340 
Cat- l(coniig-vlan)#exit 

To verify the configuration: 



On All Switches: 



Cm-x-Sh v:an br:c b VLAX0002 
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2 VLAN0002 


active 


3 VLAX0003 


active 


4 VLAX0004 


active 


5 VLAN0005 


active 


6 VL AND 00 6 


active 


7 VLAX0007 


active 


8 VLAN0008 


active 


9 VLAX0009 


active 


10 VLAXOOTO 


active 


100 VLAXOIOO 


active 


120 VLAX0120 


active 


130 YLAX0130 


active 


140 VLAX0140 


active 


200 VLAX0200 


active 


230 VLAX0230 


active 


240 VLAX0240 


active 


300 VLAX0300 


active 


340 VLAX0340 


active 


400 VLAX0400 


active 


f The rest of the output is 


omitted) 



Task 16 



Configure the trunks based on the following policy: 



Policy Item 


Trunk Interface: 


Betw een Sw itches 


Allowed MAN'S 


I 


FG 19 


Cat- 1 <—» Cat-2 


ONLY 120 


2 


F0 2 1 


Cat -2 «--» Cat -4 


ONLY 240 




F0 19 


Cat -3 <--> Cat -4 


ONLY 340 


4 


F0 2 1 


Cat-1 *--» Cat-3 


ONLY 130 


§ 


F0 23 


Cat-1 <--> Cat -4 


ONLY 140 


n 


F023 


Cat-2 <—» Cat-3 


OXLY 230 



Fultcv item 1 : -*- 



The output »f the fallowing Show command reveals the default status of the trunk: 

Cat- ["Show inter trunk B Vlans allowed on trunk 
Port Vlans allowed on trunk 
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FaO/ 19 1-4094 








FaO. 20 1 -4094 








Fa0/21 1-4094 








FaO/22 1-4094 








FaO/23 I -4094 








Fa0/24 1 -4094 








Port Vlans allowed and active in management domain 








FaO,' 19 1 - 1 J 00 , 1 20 , 1 30, 14 , 20 ,2 3 ,24 30 , 34 ,40 








FaO/20 1-10,100,120,130,140, 20 ,2 3 ,24 ,30 , 34 ,40 








FaO/21 1-10, 100,120,1 30, 140,200,230,240,300,340,400 








FaO/22 1 - 1 , 100 , 1 20 , 1 30 , 1 40 ,200 ,230,24 ,30 , 34 ,40 








FaO/23 1 - 10,100,120,130,140,200,230,240,300,340,400 








FaO, 1 24 1-10,100,120,130,140, 200 ,2 3 ,24 ,30 , 34 ,40 








(The rest of the output is omitted) 








To configure the task: 








On Both Switches: 








Note the following command ONLY allows V'LAN 120 on the trunk 








Cat-.\(conng)#int HV19 








Cat-x(config-ii>Switdiport trunk allowed VLAN 120 








To verify the configuration: 








On Cat-1 








Cat- l?*Sho\v int trunk 1 B Vlans allowed on trunk 








Port Vlans allowed on trunk 








Fad.' 19 12(1 








FaO 20 1-4094 








FaO/21 1-4094 








FaO/22 1-4094 








FaO 23 1-4094 








FaO '24 1-4094 








Port Vlans allowed and active in management domain 








Fall.' 19 120 








FaO/20 1-10,100,120,130,140, 20 ,2 3 ,24 ,30 , 34 ,40 








FaO/2 1 1-10,100,120,130, 140 ,20 ,230 ,24 ,30 , 34 ,40 








FaO/22 1-10,100,120,130,140, 20 ,2 3 ,24 ,30 , 34 ,40 








FaO 23 1-10.1 . 1 2 . 1 3 0, 1 4 . 20 .2 3 .24 .30 , 34 ,40 






c< 
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FaO/24 1 - 10 , 1 00 , 1 2 ,1 3 , I 4 , 20 ,2 3 ,24 ,30 , 34 ,40 
(The rest of the output is omitted/ 



Policy item 2: ■«- 



On Cat -2 and Cat-4: 

Cat-x(con%')#int ft)/2 1 

Cat-x(conng-if)#s witch port trunk allowed vlan 240 

To verify the configuration: 

On Cat-4 

Cat-2#Snow int trunk I B Vlans allowed on trunk 



Port 


Vlans allowed on trunk 


Fall/ 19 


12(1 


FaO/20 


1-4094 


Fall/ 21 


240 


m 22 


1 -4094 


FaO/23 


1 -4094 


FaO 24 


1-4094 



Purl Vlans allowed and active in management domain 

Fad/ 19 1211 

FaO ' 20 1 - 1 , 100 , 1 20 , 1 30, 140 ,20 ,2 3 ,24 ,30 , 34 ,40 

Fad.' 21 24 

FaO/22 1-10,100,120,130, 140 ,20 ,2 30 ,24 ,30 , 34 ,40 

FaO/23 1-10, 100,120,1 30, 140,200,230,240,300,340,400 

FaO/24 1-10,1 00 ,120,130,140, 20 ,2 3 ,24 ,30 , 34 ,40 

( The rest of the output is omitted) 

On Cat-2 

Cat-4#Sho\v int trunk I B Vlans allowed on trunk 

Port Vlans allowed on trunk 

FaO 19 1-4094 

FaO '20 I -4094 

Fad.' 21 24 

FaO/22 1-4094 

FaO 23 1-4094 
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FaO/24 1-4094 

Port Vlans allowed and active in management domain 

Fall 1 9 I - 1 0,100,1 20,130,140,200 ,230,240300, 340,400 

FaO/20 1 - 1 , 100 , 1 20 , 1 30, 14 , 20 ,2 3 ,24 ,30 , 34 ,40 

FaO/21 24(1 

FaO/22 1-10,100,120,130,14030,230,240,300,340,400 

) 2 3 1-10,100,120,130,140, 20 ,2 3 ,24 ,30 , 34 ,40 

1/24 1-10,1 00 ,120,130,140 ,20 ,2 3 ,24 ,30 , 34 ,40 
f The rest of the output is omitted) 

Policy Item 3: * 



On Cat-3 and Cat-4 

Cat-.\(config)#int 10,19 
Cat-x(coniig-ii)#$vvitehport trunk allowed vlan 340 



To verify the configuration: 



On Cat-3 



Cat -3- Show int trunk B Wans avowed on trunk 



Port 
FaO/19 

FaO 20 
FaO/21 

)/22 
) 23 
FaO/24 

Port 
FaO/ 19 
FaO/20 

Fill 1 1 
FaO 22 
FaO' 2 3 
FaO/24 



Vlans allowed on trunk 
34 (I 
1 -4094 
I -4094 
! -4094 
I -4094 
1 -4094 

Vlans allowed and active in management domain 
340 



1 - 10, 100,1 20,1 30, 140,200,230,240,3 
1-10,100,120,130,140,200,230,240,3 
1-10, 100,120,] 30, 140,200,230,240,3 
1-10,100,120,130,140,200,230,240,3 
1-10, 100,1 20,1 30, 140,200,230,240,3 



10,340,400 
10,340,400 
10,340,400 
10,340,400 
10,340,400 



( The rest of the output is omitted) 



On Cat-4 



Cat -4* Show int trunk B Vlans allowed on trunk 
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Port Vlans allowed on trunk 

FaO/19 34 

FaO/20 1-4094 

FaQ/21 240 

FaO/22 1 -40 94 

FaO/23 1 -4094 

FaO/24 1 -4094 

Port Vlans allowed and active in management domain 

Fa0/I9 34 

FaO '20 1 - 10, 100,1 20,1 30, 140,200,230,240,300,340,400 

FaO/ 21 240 

FaO 22 1-10,100,120,1 30, 140, 20 ,2 3 ,24 ,30 , 34 ,400 

FaO/23 I - 10, 100,120,1 30, 140,200,230,240,300,340,400 

Fa0/24 1 - 10, 100,120,1 30, 140,200,230,240,300,340,400 
/ The rest of the output is omitted) 



Policy Item 4: « 

On Cat- 1 anil Cat -3 

Cat-x(coniig)#int fD/21 

Cat-x(config-il)#switi:hport trunk allowed vlan 130 

To verify the configuration: 

On Cat-1 

Cat- l#Snow int trunk I B Vlans allowed on trunk 



Port 


Vlans allowed on trunk 


FaO/ 19 


120 


FaO 20 


! -4094 


FaO/ 21 


130 


FaO/22 


I -4094 


FaO 23 


1 -4094 


FaO 24 


1-4094 



Port Vlans allowed and active in management domain 

FaO 19 120 

FaO/20 1 .10,100,120,130,140,200,230,240300,340,400 

FaO/ 21 130 

FaO/22 1 - 1 , 100 , 1 20 , 1 30, 14 , 20 ,2 3 ,24 ,30 , 34 ,40 

FaO 23 1-10.100,120,130.140- 20 .2 3 .24 .30 . 34 .40 
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FaO/ 24 1- 10, 100,1 20, 130\ 140,20 ,2 3 Q ,24 30 , 34 0,40 
(The rest of the output is omitted/ 

On Cat-3 

Cat-3#Show int trunk ! B V r lans allowed on trunk 



Port 


Vlans allowed on trunk 


FaO/ 19 


340 


FaO 20 


1-4094 


FaO.' 21 


130 


FaO/22 


1 -4094 


FaO/23 


1 -4094 


FaO 24 


1 -4094 



Port Vlans allowed and active in management domain 

FaO 19 340 

FaO/20 I - 1 J A 2 J 3 0, 140, 20 ,2 3 ,24 ,30 , 34 0,40 

FaO/ 21 130 

FaO 22 1 - 10,1 DO ,120,130,140, 20 ,2 3 ,24 ,30 , 34 ,40 

FaO 2 3 1-10,1 00 ,120,130,140, 20 ,2 3 ,24 ,30 , 34 ,40 

FaO ,'24 I- 10, 100,1 20,1 30, 140 ,200 ,230 ,24 ,30 , 34 ,40 

( The rest of the output is omitted/ 

Policy Item 5: -« 



On Cat- 1 and Cat-4 

Cat-x(conlig)r*int FO 23 
Cat-xfcontig-ift^Jwitchport trunk allowed vlan 140 

To vcrit'v the configuration: 

On Cat- 1 

Cat- l#Show int trunk I B Vlans allowed on trunk 



Port 


Vlans allowed on trunk 


FaO/ 19 


120 


FaO 20 


1-4094 


FaO/21 


130 


Fail 22 


1 -4094 


FaO/ 23 


140 



CCIE R&* b) Narbik Kochar tans Ad* anted CC1E R&S Work Book 2.11 Page 36 of 1 068 

O2009 Varhik Kucha riani. All rijhti renrrved 













Fat) 24 1-4094 








Port Vlans allowed and active in management domain 








Fat); 19 120 








FaO/20 1 - 1 , 100 , 1 20 , 1 30, 14 , 200 ,2 3 ,24 ,30 , 34 0,40 








Fat) '21 130 








Fat). 22 1 - 10, 100,120,1 30, 140 ,200 ,2 3 0,24 0,30 0,34 0,400 








Fat)/ 23 140 








Fat)/24 1-10,1 00 ,120,130, 140 ,200 ,2 3 ,240 ,300 , 34 ,40 








(The rest of the output is omitted) 








On Cat-4 








Cat-4#Snow int trunk | B Vlans allowed on trunk 








Port Vlans allowed on trunk 








Fat)/ 19 340 








Fa0/20 1-4094 








Fat)/21 240 








Fat)/22 1-4094 








Fa(>;23 140 








Fat) ,24 1-4094 








Port Vlans allowed and active in management domain 








Fat); 19 340 








Fat);'20 i -10,100,120,130,140,200,230,240,300,340,400 








Fat)/21 240 








FaO/22 1 - 10, 100,120,1 30, 140,200,230,240,300,340,400 








Fafl/23 140 








Fat)/24 1-10,100,120,1 30, 140 ,200 ,2 30 ,24 ,30 , 34 ,40 








(The rest of the output is omitted) 








Policy Item 6: 






On Cat-2 and Cat-3 




Cat-x(config)T*int F023 








Cat-xi'contig-iiV*Svtiti:hport trunk allowed \Ian 230 








To verify the configuration: 








On Cat-2 
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Cat-2*Show int trunk B Vlans allowed on trunk 


Port 


Vlans allowed on trunk 


FaO/19 


120 


FaO/20 


1 -4094 


FaO/21 


240 


FaD/22 


1 -4094 


FflO/23 


23(1 


FaO/24 


I -4094 


Port 


Vlans allowed and active in management domain 


FaO/19 


120 


FaO/20 


1-10,100,120,130, 140,200 ,2 30 24 ,30 , 34 0,40 


FaO/21 


240 


FaO/22 


1- 10, 100,1 21U 30, 140,200,230,240,300,340,400 


FaO/23 


230 


FaO/24 


I.10J00J20J 30, 140,200,230,240,300,340,400 


i The rest of the output is omitted) 


On Ca 


t-3 


Cat-3-Show int trunk B Vlans allowed on trunk 


Port 


Vlans alb wed on trunk 


FaO/19 


340 


FaO/20 


1 -4094 


FaO/21 


130 


FaO/22 


1 -4094 


FaO/23 


23 


FaO/24 


I -4094 


Port 


Vlans allowed and active in management domain 


FaO/19 


340 


FaO/20 


1 - 10 , 100 , 1 20 , 1 30, 14 ,200 ,2 3 ,240 ,30 , 34 ,400 


FaO/21 


130 


FaO/22 


1-10, 100, 120, 130, 140, 200 ,2 30 2240,300, 34 0,400 


FaO/23 


230 


FaO/24 


1 - 10, 100,1 20,1 30, 140,200,230,240,300,340,400 


i The rest of the output is omitted) 
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Task 17 



Add VLAXs to the allowed list of the trunk hascd on the following chart: 



Polict Itt'Ill 


Trunk Interface: 


Between Switches 


Allowed VI.AVs 


I 


FO 19 


Cat-1 <--» Gat-2 


100 


■^ 


FO 2 1 


Cat-2 «--» Cat 4 


200 




FQ19 


Cut -3 «--» Cat 4 


300 


4 


F023 


Cat 4 «-■» Cut 4 


400 



Policy Item 1: 



On Cat- 1 and Cat-2 

Cat-x(conn"g)#int fO 1 9 

Cat-xfconng-if^Switchport trunk allowed vlan add 100 



To verify the configuration: 



On Cat-1 

Cat- l"Sho\v int trunk ! B Vlans allowed on trunk 

Port Vlans allowed on trunk 

FaB/19 100,120 

J/20 14094 

J/21 130 

FaO/22 14094 

FaO/23 1 40 

Fafl/24 14094 

Port Vlans allowed and active in management domain 

FaO/19 100,120 

Fafl 20 I - 1 J 00 , 1 2 , 1 30, 14 , 20 ,2 3 ,24 ,30 , 34 ,40 

FaO/21 130 

FaO/22 1-10,100,120,130,140 ,200 ,2 30 ,24 ,30 , 34 ,40 

FaO/23 140 

Fall 24 1-10,1 00 , 1 20 , 1 30, 140, 20 ,2 3 ,24 ,30 , 34 ,40 

i The rest of the output is omitted) 

Cat-2#Show int trunk I B Vlans allowed on trunk 
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Port Vlans allowed on trunk 

FaO/19 100,120 

Fa0/20 1 -4094 

FaQ/21 240 

J/22 1-4094 

)/23 230 

J/24 1-4094 



Port Vlans allowed and active in management domain 

FaO/19 100,120 

FaO '20 1 - 10, 100,1 20,1 30, 140,200,230,240,300,340,400 

FaO.' 21 240 

Fa0/22 I - i , 100 , 1 20 , 1 30, 140 ,20 ,2 30 240 ,30 , 34 ,40 

FaO/23 230 

FaO 24 1 - 10, 100,120,1 30, 140,200,230,240,300,340,400 

f The rest of the output is omitted) 



Policy item 2: 



On Cat -2 and Cat-4 

Cat-4(config)#int fD/21 

Cat-4(coniig-if)#Svt Heliport trunk allowed vlan 200 

'I'o yerify the configuration: 

On Cat-2 

Cat-2#Show int trunk B Vlans allowed on trunk 

Port Vlans allowed on trunk 

FaO. 19 100,120 

FaO '20 I -4094 

FlIKZl 2(1(1,24(1 

Fa0/22 I -4094 

FaO; 2 3 230 

FaO.' 24 1 -4094 

Port Vlans allowed and active in management domain 

FaO 19 100,120 

FaO 20 I - 1 , 100 , 1 20 , 1 30, 140 ,20 ,2 3 ,24 ,30 , 34 ,40 

FaO.' 21 200,240 

FaO 22 1 - 10. 100.1 20.1 30. 140.200.230.240.300.340.400 
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FaO 23 


230 


FaO/24 


l-liJjUU.i:O.I3U.I40.:uO r 230 r 240 r 300.34U.4UiJ 


i The rest of the output is omitted) 


On Ca 


t-4 


Cat-4#Show int trLink B Vlans allowed on trunk 


Port 


Vlan s allowed on trunk 


FaO/ 19 


340 


FaO/20 


1-4094 


ftO/21 


20(1,240 


FaO/22 


1 -4094 


FaO 23 


140 


FaO/24 


1 -4094 


Port 


Vlans allowed and active in management domain 


FaO; 19 


340 


FaO/20 


1-10,100,120,130,140,200,230,240300,340,400 


FaO/ 21 


200,240 


FaO/22 


1-10, 100,120,] 30, 140,200,230,240,300,340,400 


FaO/23 


140 


FaO/24 


1-10,1 00 ,120,130,140, 20 ,2 3 ,24 ,30 , 34 ,400 


i The rest of the output is omitted) 


Policy 
On Ca 


item 3: 


t-3 and Cat -4 


Cat-x(config')#int ffl/19 


Cat-x(coniig-if)r*S\*itchpoi"t trunk allowed vlan add 300 


To verify the configuration: 


On Ca 


t-3 


Cat-3#Show int trunk B Vlans allowed on trunk 


Port 


Vlans allowed on trunk 


FaO/ 19 


300,340 


FaO/20 


1-4094 


FaO/21 


130 


FaO/22 


1-4094 
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FaO/23 230 
FaO/24 I -4094 

Port Vlans allowed and active in management domain 

FaO/19 30(1,340 

FaO/20 1 - 1 J 00 , 1 .20 , 1 30, 1 4 , 20 ,2 3 ,24 ,30 , 34 ,40 

FaO/21 130 

FaO/ 22 1-10,100,120,1 30, 140 ,200 ,2 3 ,24 ,30 , 34 ,40 

FaO/23 230 

FaO '24 1-10,100,120,130,140, 20 ,2 3 ,24 ,30 , 34 ,40 

(The rest of the output is omitted) 

On Cat-4 

Cat-4#Sbow int trunk I B Vlans allowed on trunk 



Port 


Vlans allowed on trunk 


FaO/ 19 


300,340 


FaO/20 


1-4094 


FaO/21 


200.240 


FaO 22 


1-4094 


FaO, 1 2 3 


140 


FaO/24 


1 -4094 



Port Vlans allowed and active in management domain 

FaO.' 19 300,340 

FaO/20 1-10,100,120,130,140, 200 ,2 3 ,24 ,30 , 34 ,40 

FaO/21 200,240 

FaO/22 I - 10,100,120,1 30,140,200,230,240,300,340,400 

FaO/23 140 

FaO 24 1-10,100,120,130,140,200,230,240,300,340,400 

(The rest of the output is omitted) 



Policy item 4: ^_ 



On Cat-1 ami Cat-4 

Cat-x(con%)#int FO 23 

Cat-x(coniig-if)r*Switchpor4 trunk allowed \lan add 400 



I o verity the configuration: 



On Cat-1 
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Cat- l#Snow int trunk ' B Vlans allowed on trunk 



Port 


Vlans allowed on trunk 


Fat); 19 


100,120 


FaO 20 


1-4094 


FaO 2 1 


130 


FaO. 22 


1-4094 


FaO/ 23 


140,400 


FaO/24 


1 -4094 



Port Vlans allowed and active in management domain 

FaO. 19 100,120 

Fa0/20 1 - 1 , 1 00 , 1 20 , 1 30, 140 ,20 ,2 30 ,240 30 , 34 ,40 

FaO, 1 21 130 

FaO/22 I - 10, 100,120,1 30, 140,200,230,240,300,340,400 

FaO.' 23 14(1,400 

FaO '24 1-10,100,120,130,140, 20 ,2 3 ,24 ,30 , 34 ,40 

i The rest of the output is omitted) 

On Cat-4 

■Cat-4r*Show int trunk | B Mans allowed on trunk 

Port Vlans allowed on trunk 

FaO. 19 300,340 

FaO 20 1-4094 

FaO,' 21 200,240 

FaQ/22 1-4094 

FaO/ 23 140,400 

)/24 1-4094 



Port Vlans allowed and active in management domain 

FaO 19 300,340 

FaO '20 1-10,100,120,130,140 ,200 ,2 3 ,24 ,30 , 34 ,40 

FaO. 1 21 200,240 

FaO/22 1 - 1 , 1 00 , 1 2 , 1 30, 14 , 20 ,2 3 ,24 ,30 , 34 ,40 

FaO/ 23 140,400 

FaO 24 1 - 1 , 100 , 1 20 , 1 30, 140 ,200 ,2 30 ,24 ,30 , 34 ,40 

t The rest of the output is omitted) 
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[ask IS 



Remove VLANs from the allowed list of the trunks based on the following chart: 



Polict Itt'IU 


Trunk In 


terface: 


Between Switches 


Allowed VI.aVs 


I 


FO 22 


Cat-1 <"» Cat-3 


Remove 1.4- 10 ONLY 


2 


F022 


Cat-2 <--» Cal-4 


Remove 2, 4- 10 ONLY 



Policy 
On Ca 


ltf l TTl 1 * -■ 


1LI.1II I. • ^t^^^ 

t-1 and Cat-3 


Cat.x(coniig)#int ft) 22 


Cat-xfconng-if^Switchport trunk allowed vlan remove 1,4-1(1 


In verify the configuration: 


On Ca 


t-1 


Cat- 1 "Show int trunk B Vlans allowed on trunk 


Port 


Vlans allowed on trunk 


FaO/ 19 


100,120 


FaO 20 


1-4094 


FaO/21 


130 


Fall.' 2 2 


2-3,11-1094 


FaO 23 


140,400 


FaO/24 


1 -4094 


Port 


Vlans allowed and active in management domain 


FaO,' 19 


100,120 


FaO/20 


1-10,100,120,130,140,200,230,240300,340,400 


FaO/21 


130 


Fall/ 2 2 


2-3,1(1(1,12(1,13(1, 140,200,230,240,300,340,400 


FaO/23 


140,400 


FaO/24 


1-10,100,120,130,140, 20 ,2 3 ,24 ,30 , 34 ,40 


(The rest of the output is omitted) 


On Cat-3 


Cat-3~Show int trunk B Vlans allowed on trunk 


Port 


Vlans allowed on trunk 
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FaO/ 19 


300,340 


FaO.' 20 


1 -4094 


FaO. 21 


130 


FaO/22 


2^3,11-4094 


FaO 23 


230 


FaO/24 


1 -4094 


Port 


Vlans allowed and active in management domain 


FaO, 1 19 


300,340 


FaD/20 


1-10,100,120,130,140, 20 ,2 3 ,24 ,30 , 34 ,40 


FaO/21 


130 


FaO/22 


2-3400^20,130,140,200,230,24030(1,340,400 


FaO/23 


230 


FaO/24 


1.10,100,120,130,140, 20 ,2 3 ,24 ,30 , 34 ,400 


{The rest of the output is omitted) 


l'ulicv 


itimi f* J 


ILLIII — . ^ 


On Ca 


t-2 and Cat-4 


Cat-x(config)#int fl) 22 


Cat-x(config-if)?*Svt heliport trunk allowed vlan remove 2,4-10 


To verily the configuration: 


On Cat-2 


Cat-2**Show int trunk 1 B Vlans allowed on trunk 


Port 


Vlans allowed on trunk 


FaO/ '19 


100,120 


Fa0/20 


1 -4094 


FaO/21 


200,240 


Fa(l/ 2 2 


1,3,11-4094 


FaO/23 


230 


Fat) 24 


1-4094 


Port 


Vlans allowed and active in management domain 


FaO/ 19 


100,120 


FaO/20 


1 - 10 , 100 , 1 20 ,130,140 ,200 ,2 3 ,24 ,30 , 34 ,400 


FaO/21 


200,240 


FaO/ 22 


[,3,100,120, 130, 140,200,230,240,300,340,400 


FaO/23 


230 
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FaO/24 


1 - 10 , 1 00 , 1 2 , 1 3 0, 14 ,20 ,2 3 ,24 ,30 , 34 ,400 


(The rest of the output is omitted/ 


On Ca 


t-4 


Cat-4#Show int trunk 1 B Vlans allowed on trunk 


Port 


Vlans allowed on trunk 


FaO/ 19 


300.340 


FaO/20 


1 -4094 


FaO/21 


200,240 


FiiO/22 


13,11-4094 


FaO/23 


140,400 


FaO 24 


1 -4094 


Port 


Vlans allowed and active in management domain 


FaO/ 19 


300,340 


FaO 20 


1 - 10 , 100 , 1 20 , 1 30, 140 , 20 ,2 3 ,24 ,30 , 34 ,40 


FaO/21 


200.240 


FaO.' 22 


U,1(K!,12(U3(M40,2(K!,23(U40,3(KM40,400 


FaO 23 


140,400 


FaO/24 


1 - 10, 100,120,1 30, 140,200,230,240,300,340,400 


i The rest of the output is omitted) 



Task 19 



Configure Cat- 1, Cat-2 and Cat-4 based on the following chart: 



Polio Item 


Trunk Intel 


"lace: 


Between Switches 


Allowed VLAVs 


i 


F0.20 


Cat-1 <--» Cat-2 


None 


^ 


FO 24 


Cut- 1 <--» Cut -4 


None 



Policy Item #1 



On Cat-1 and Cat-2 



Cat-x(coniig)*int rtt'20 
Cat-x(coniig-if)r*Swi trunk allow vlan none 
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On Ca 


t-1 


Cat- I s Show int trunk B Vlans allowed on trunk 


Port 


Vlans allowed on trunk 


FaO/19 


100,120 


Fall/ 20 


no nu 


FaO/21 


130 


FaO/22 


2-3,1 1-4094 


FaO/23 


140,400 


FaO/24 


I -4094 


Port 


Vlans allowed and active in management domain 


FaO/19 


100,120 


Fa0/2fl 


none 


FaO/21 


130 


FaO 22 


2-3 s 100, 120,1 30,1 40,200,230,240,300,340,400 


FaO/23 


140,400 


FaO/24 


1 - 10, 100,1 20,1 30, 140,200,230,240,300,340,400 


i The rest of the output is omitted) 


On Ca 


t-2 


Cat-2#Sfaow int trunk B Vlans allowed on trunk 


Port 


Vlans allowed on trunk 


FaO/19 


100,120 


Fa(l/ 20 


none 


FaO/21 


200,240 


FaO. 22 


1,3,11-4094 


FaO 23 


230 


FaO/24 


1 -4094 


Port 


Vlans allowed and active in management domain 


FaO/19 


100,120 


FaO/ 20 


none 


FaO/21 


200,240 


FaO/22 


1,3,100,120,130,140,200,230,240,300,340,400 


FaO/23 


230 


FaO/24 


1-10, 100,1 20,1 30, 140,200,230,240,300,340,400 


(The rest of the output is omitted) 


Policy 


uem wl 
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Cat-x(con%')#int ftl 24 








Cat-x(con%-if)r ! S\vi trunk allowed vlan none 








To verify the configuration: 








On Cat-1 








Cat- InSbow int trunk B Vlans allowed on trunk 








Port Vlans allowed on trunk 








FaO 19 100,120 








FaO; 20 n a n c 








FaO/21 130 








FaO/22 2-3, 1 1 -4094 








FaO; 2 3 140,400 








FaO; 24 none 








Port Vlans allowed and active in management domain 








FaO' 19 100,120 








FaO '20 none 








FaO/21 130 








FaO/22 2-3, 100, 120,1 30,140,200,230,240,300,340,400 








FaO/23 140,400 








FaO.' 24 none 








(The rest of the output is omitted) 








On Cat -4 








Cat-4-Show int trunk 1 B Vlans allowed on trunk 








Port Vlans allowed on trunk 








FaO/ 19 300,340 








FaO; 20 1-339,341-4094 








FaO/21 200,240 








FaO/22 1,3,11-4094 








FaO/23 14 0.4 00 








FaO; 24 none 








Port Vlans allowed and active in management domain 








FaO; 19 300,340 








FaO 20 1-10, 100,120,1 30, 140,200,230,240,300,400 








FaO 21 200,240 








FaO/22 1 ,3 J 00 , 1 2 , 1 30, 1 4 , 2 00, 23 , 24 ,3 ,340 ,400 








FaO 23 140,400 






c< 
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FaO.' 24 none 

f The rest of The output is omitted/ 



Task 20 



Configure Cat- 1, Cat -3 and Cat -4 based on the following chart: 



Po li f\ item 


Trunk Interface: 


Between Switches 


Alloned VI.AV* 


I 


FO 20 


Cat- 3 <-•* Cut -4 


Ai: but 340 


•J 


FO 22 


Cut- 1 <--» Cal-3 


a:; but 130 



On Cat -3 and 4 


Cat-x(config')#int ft) 20 


Cat-x(conlig-if) s Sv*i trunk allowed vlan except 340 


In verify the configuration: 


On Ca 


t-3 


Cat-3r=Sho\v int trunk B Vlans allowed on trunk 


Port 


Vlans allowed on trunk 


FaO/ 19 


300,340 


FaO/ 20 


1-339341-4094 


Fa0/21 


130 


FaO 22 


2-3,11-4094 


FaO 23 


230 


FaO/24 


1 -4094 


Port 


Vlans allowed and active in management domain 


FaO/ 19 


300.340 


FaO/ 20 


1-10,100,120,130,140,200,230,240300400 


FaO/21 


130 


FaO/22 


2- 3, 1 00, 12 0,1 30, 140 ,200,230, 240, 30 0,340, 400 


FaO/23 


230 


FaO 24 


1 - 1 , 1 , 1 2 , 1 3 ,14 , 20 ,2 3 ,24 ,30 , 34 ,400 


(The rest of the output is omitted) 


On Cat-4 
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Cat-4#Snow int trunk ' B Vlans allowed on trunk 



Port 


Vlans allowed on trunk 


FaO/ 19 


300,340 


FaO/ 20 


1-339341-4094 


FaO/21 


200.240 


FaO/22 


1 S 3 S 11-4094 


FaO 23 


140,400 


FaO/24 


1 -4094 



Port Vlans allowed and active in management domain 

FaO 19 300,340 

FaO.' 20 1-10,100,120,130,140,200,230,240,300,400 

FaO, 1 21 200,240 

FaO/ 22 1 ,3 A , 1 2 , 1 30, 1 4 , 2 00, 23 , 24 ,3 ,340 ,400 

FaO '2 3 140,400 

FaO '24 1-10,1 00 ,120,1 30, 140 „ 20 ,2 3 ,24 ,30 , 34 ,40 

i The rest of the output is omitted) 

On Cat- 1 and Cat-3 

Cat-x(config)#int ftl'22 

Cat-x(conlig-if)nSvii trunk allowed v Ian except 130 

I o verify the configuration: 

On Cat-1 

Cat- l#Show int trunk I B Vlans allowed on trunk 



Port 


Vlans allowed on trunk 


FaO/ 19 


100,120 


FaO 20 


none 


FaO 2 1 


130 


FaO/ 22 


1-129,131-4094 


FaO/ 2 3 


140,400 


FaO 24 


none 



Port Vlans allowed and active in management domain 

FaO 1 9 100,120 

FaO/ 20 none 

FaO/21 130 

FaO/22 1-10,100,120,140,200,230.240,300,340,400 

FaO 23 140,400 
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FaO/24 


none 


(The rest of the output is omitted/ 


On Ca 


t-3 


Cat-3#Show int trunk 1 B Vlans allowed on trunk 


Port 


Vlans allowed on trunk 


FaO/ 19 


300.340 


FaO/20 


1-339,341-4094 


FaO/21 


130 


FiiO/22 


1-129,131-4094 


FaO/23 


230 


FaO 24 


1-4094 


Port 


Vlans allowed and active in management domain 


FaO/ 19 


300,340 


FaO 20 


1-10, 100,120,1 30, 140,200,230,240,300,400 


FaO/21 


130 


FaO.' 22 


140,100, 120, 140,200,230,240,300£40vi00 


FaO 23 


230 


FaO/24 


1-10,1 00 ,120,130,140, 20 ,2 3 ,24 ,30 , 34 ,40 


i The rest of the output is omitted) 



Task 21 



Configure Cat-2 and Cat-3 based on the following chart: 



Polio Item 


Trunk Interface: 


Between Switches 


Allowed MAN'S 


I 


F0.23 


Cat-2 <--> Cat-3 


ALL 


1 


F0 24 


Cm. -2 <--» Clil-2 


ALL 



On Cat-2 and Cat-3 

Cat-x(conng)#int range 10 23-4 
Cat-x(config-if)#svvi trunk allow vlan all 



To vL'rit'y thf configuration: 



On Cat-2 
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Cat-2**Show int trunk B Vlans allowed on trunk 


Port 


Vlans allowed on trunk 


FaO/19 


100,120 


FaO/20 


none 


FaO/21 


200,240 


FaO/22 


1,3, 11-4094 


FaO/23 


1-4094 


Fad.' 24 


1-4094 


Port 


Vlans allowed and active in management domain 


FaO/19 


100,120 


FaO/20 


none 


FaO/21 


200,240 


FaO/22 


1,3 , 1 00 , 1 20 , 1 30, 140,20 0, 23 , 24 ,3 ,340 ,400 


Fait/ 23 


1-1 0,1 00,120, 130, 140,200,230,240,300340,400 


FaO/24 


1-10,100,120,130,140,200,230,240,300340,400 


(The rest of the output is omitted) 


On Ca 


t-3 


Cat-3#Show int trmik B Vlans allowed on trunk 


Port 


Vlans allowed on trunk 


FaO/19 


300,340 


FaO/20 


1-339341-4094 


FaO/21 


130 


FaO/22 


1-129,131-4094 


FaO/23 


1-4094 


FaO/24 


1-4094 


Port 


Vlans allowed and active in management domain 


FaO/19 


300,340 


FaO/20 


1 - 10, 100,120,1 30, 140,200,230,240,300,400 


FaO/21 


130 


FaO/22 


1-10, 100,120,1 40,200,230,240,300,340,400 


FaO/23 


1-10,100,120,130,140,200,230,240,300340,400 


FaO/24 


1-10,100,120,130,140,200,230,240,300340,400 


^ 77; t? nesf of the output is omitted) 
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Task 22 

Erase the config.tcxt and Ylan.dat on all four switches and reload them before proceeding 
to the next task. 






On All Four Switches 
Cat-x#Delete vlan.dal 
Cat-x#Delete conflgMext 

C at -x?* reload 






Task 23 

Configure all ibur switches based on following requirements: 

• Shut down all ports on all tour switches 

• Configure a Dot 1 q trunk between Switch 1 and 2 using port FQ'l 9 

• Set the VTP domain on Switch 1 and 2 to TST 

• Name the first Switch to Cat-] and the second Switch to Cat -2. 






On The hirst Switch: 
Switchfcontig^Host Gat- 1 

On The Second Switch: 

Switch(coniig)#Host Cat-2 

On All Four Switches: 

Cat-x(config)#int range ffll -24 
Cat-x(contig-if-rangc)#Shut 

On Cat-1 and Cat-2 

Cat-x(config)#intFQi9 

Cat-x(config-if)#swi trunk encapsulation dot Iq 

Cat-xi config-ilV^swi mode trunk 




e< 
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Cat-x(conng-if)#NO shut 

Cut -xi conl:g)-Vtp domain TST 






Task 24 

Configure VLAN 100 on Cat-1 und assign its F0.' 1 interface to this VLAN. 






On Cat-1 

Cat-](conng)#int fflT 
Cat- l(config-if)#Swi mode ace 
Cat-l(config-if)#Swiacc v 100 
Cat-l(conng-if)#NO shut 

To verily the configuration: 

On Cat-1 

Cut- L#Show vlun brie Inc VLANO 1 00 
100 VLANO 100 active 






Task 25 

Configure the switches such that they restrict Hooded traffic to those trunk links thut the 
traffic must use to access the appropriate network devkc/s 






This task is asking for VTP Pruning to be enabled, to understand VTP pruning, its 
helpful to know the VTP message types. 

There are four types of VTP advertisements that are exchanged between the 
switches, and they are: 

i. Summary advertisements: An update sent bv VTP servers or a 
client every 300 seconds or when a VLAN database change occurs. 
This update includes: VTP version, domain name, configuration 
revision number, time stamp, and number of subset advertisements. 




ct 
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If the advertisement results from a VLAN database change, one or 
more subset advertisements will follow. 

2 . Subset advertisements: An up da t e t ha t fo I lo ws a s um ma ry 
advertisement resulting from a change in the VLAN database. A 
subset advertisement includes the specific change's that was made to 
a given VLAN.'s. 

j . Advertisement reuuests from clients: T he se a r e up da t es sen t 

by a switch requesting more information so it can update its 
database. If and when a switch receives a VTP summary 
advertisement with a configuration revision number higher than its 
own, the local switch will send an advertisement request, requesting 
information about changes so it can update it's \ LAN database. A 
switch operating in VTP server mode then responds with one or 
more subset advertisements. 

4. VL A\ m em b ers hi p a n n o u ne e m en t : Thes e mess ages are 

generated by the switches when VTP Pruning is enabled and a port 
is associated to a given V LAN: these messages tell the neighboring 
switch that the local switch is interested in receiving traffic for that 
given VLAN. If the local switch does NOT send this message for a 
given VLAN, the neighboring switch will NOT send the traffic for 
that VLAN, and therefore the traffic for that VLAN will be pruned. 



On Cat- 1 



Cat- l#Show interface pruning 

Pruning not currently enabled in this device's VTP administrative domain. 

Note the above message states that the pruning feature is NOT enabled. The output 
of the following messages reveals the same fact: 

Cat- lf»Show vtp status I Inc VTP Pruning Mode 

VTP Pruning Mode : Disabled 

To enable VTP Pruning: 

Cat- lSVlp Pruning 
Pruning switched on 

To verify the configuration: 
On Cat-I 
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Cat- IffShow vtp status Inc VTP Pruning Mode 

\'TP Pruning Mode : Enabled 

Note this, configuration i> ill be propagated to all switches that have a trunk 
establishes with the local switch that and are in the same VTP domain: 

On Cat-2 

Cat-2#Sho\v vtp status ' Inc VTP Pruning Mode 

VTP Pruning Mode : Enabled 

Cat-2#Sh interface FQ 1 9 pruning 

Note the following output has two sections, the first section lists VLANs that are 
pinned, because the local switch has not received a Man Membership 
Announcement message (V MA) from the neighboring switch: 

Port Vlans pruned tor lack of request by neighbor 
FaO/19 none 

This section of the output identities for what VLANs the local switch has sent 
VMAs, and therefore, not pruned: 

Port Vlan traffic requested of neighbor 

FaO 19 I 

On Cat-1 

Cat- l#Sho\v interface ft) 1 9 pruning 

Note the local switch will NOT send traffic for \ LAN out of this trunk interface, 
because the local switch has NOT received VMAs for this VLAN. 

Port Vlans pained tor lack of request by neighbor 
FaO/19 100 

Note the local switch has sent VMAs for these two VLANs: 

Port Vlan traffic requested of neighbor 
FaQ/19 I.I 00 
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Task 26 

Configure YL AN* 200, 300, 400, 500 and 600 on Cat-1 and ensure that these YLAXs are 
propagated to Cat -2. 



On Cat-1 

Cat- l(config)#Vlan 200.300,400.500,600 
Cat- ](con%-vian)T*cxit 

On Cat-2 



Cat- 


2#Show vlan br 


exc uri 


sup 




<sni 


P> 








100 


YLAN0100 






active 


200 


VLAN0200 






active 


300 


VLAN0300 






active 


400 


\'LA\0400 






active 


500 


V LAN 0500 






active 


600 


YLAN0600 






active 


To verify the confiuurittiun: 


On Cat-1 









Note the output of the following show command displays that VLANs 100,200,300, 
400, 500 and 600 are pruned: 

Cat- If* Show interlace F0' 1 9 pruning 

Po rt V Ian s p ru nod to r lac k o f r cq u est by nc ig h bo r 
FaO 19 10 ,20 0,30 0, 40 , 50 ,6 

Port Vlan traffic requested of neighbor 
FaO 19 LI 00 

On Cat-2 

Cat-2ffShow interface F0 1 9 pruning 

Port Vlans pained tor lack of ret] u est by neighbor 
FaO; 19 20 (M0 0,4 00, 50 0,600 
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Port Vlan traffic requested of neighbor 
FaO 19 1 






Task 27 

Configure FO'2 interlace of Cat- 2 in VLAN 100. 






On Cat-2 

Cat-2(config)#im ffl/2 
Cat-2(config-if)#swi mode ace 
Cat-2(config-if)#swi aec v 100 
Cat-2(conlig-ii)#NO shut 

Note you may have tu wait fur 3(1 seconds for convergence: 

Cat-2#Show interface F 1 9 pruning 

Port Vlans pruned for lack of request by neighbor 
FaO 19 200300,400,500, 600 

Port Vlan traffic requested of neighbor 
FaO' "19 LI 00 

Note the output of the above show command reveals that the local switch has sent 
VMA message for VLAN 100. 






Task 28 

Configure the switches such that ONLY VLAN 300 is pruned. 






On Cat-1 

Cat- I#Show interface F0 1 9 pruning 

Port Vlans pmncd for lack of ret] u est by neighbor 
FaO/19 200,300,40(1,500,600 




c< 
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Port Vlan traffic requested ofncighbor 
FaO 19 LI GO 

Note VLAN 300 is pruned. To configure the switches such that its no longer pruned: 

On Both Switches: 

Cat-x(config)#int ft). 19 

Cat-x(config-if)#S\*itchport trunk pruning vlan 300 

Note the above command instructs the trunk to Prune VLAN 300 ONLY, therefore, 
the rest of the VLANs in the VLAN Database will NOT be pruned. 

On Cat- 1 



Cat- If* Show interface F0 1 9 pruning 

Po rt V Ian s p ru n cd lb r lac k o f r cq u est b y nc ig h bo r 
FaO/ 19 300 

Port Vlan traffic requested ofncighbor 
FaO ,19 1 ,100,200 ,400,500,} 

Note VLAN 3 

On Cat -2 Pruned. 

Cat-2f*Show interface F0 ^"pruning 

Po rt V Ian s muffed lb r I ac k o f r cq u est b y nc ig h be r 
Fa0/19 300 

Port Vlan traffic requested ofncighbor 
FaO 19 1 , 1 00 ,200 ,40 0,50 0, 60 



is the ONLY \ LAN that is 



Task 29 

Configure the switches such that VLAN" 200 is also pruned, you should NOT use the 
command from the previous task to accomplish this task. 



On Both Switches: 
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Cat-x(config)#int ft) 19 

C at - x( co n tig- if)£ Switch port trunk pruning vlan add 20(1 



'l'o vilify the configuration: 



On Cat-1 



Cat- l#Sh inter it) 1 9 pruning 

Port Vlans pruned for lack of request by neighbor 
Fat); 19 2003(H) 
▼^^^ 

Port Vlan traffic requested of neighbor 
FaO 19 lJ0O,4OO,50oJ&0-v^^ 

On Cat -2 ,-^Note VLAN 200 is added to the list of Pruned 

/-f VLANs 

Cat -2* Show interlace FO I9ji1~uning 

Port Vlans marncd tor lack of request by neighbor 
Fat); 19 200,300 

Port Vlan traffic requested of neighbor 
FaO; 19 LI 00. 400. 50 0.600 



Task 30 



Configure the switches such that NONE of the VLANs arc pruned. 



On Both Switches: 

Cat-x(contig)#int ft) 1 9 

C at- x( con fig- if)?* Sv.it eh port trunk pruning vlan NONE 



To verify the configuration: 



On Cat-1 



Cat- l#Sho\v interface ft) 1 9 pruning 
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Port Vlans pained tor lack of request by neighbor 
FaO.' 19 none _ 

*\ 

Port Vlan traffic requested of neighbor 
FaO/ 19 Lit) ,2 30 ,4 O&^QO , 60 

On Cat-2 ^> Note NONE of the \ LANs are pruned 

Cat -2S Show interlace F0 1 9 pruning 

Port Vlans pruned tor lack of request by neighbor 
FaO.' 19 none *'" 

Port Vlan traffic requested of neighbor 
FaO/ 19 L 1 r 2 ,30 0,40 0, 50 , 60 D 






Task 31 

Configure the switches such that all VLANs arc pruned. 






On Both Switches: 

Cat-x(config)#Int FO/19 

Cat-x(contig-it>SvMteh trunk pruning vlan 1,100,200300,400,500,600 

Note you should get the following errors: 

Command rejected: Bad VLAS pruning list. 

The reason the error message was generated was because VLAN 1 CAN NOT BE 
PRUNED. 

Cat-x( co n fig )#] n t F ' 1 9 

Cat-x(config-il>Suitch trunk pruning vlan 100,200,300,400,500,60(1 

To verify the configuration: 

On Cat- 1 

Cat- L#Show interface F0 1 9 nrunina 
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Port Vlans pained tor lack of request by neighbor 
FaQ/19 200,300,400,500,600 

Port Vlan traffic requested of neighbor 
FaOI9 LI 00 

Note VLAN 100 tan NOT be pruned because the local switch has port membership 
in this VLAN. 



On Cat-2 

Cat -2?* Show interface FO 1 9 pruning 

Port Vlans pruned tor lack of request by neighbor 
Fa0,19 200,300,400,500,600 

Port Vlan traffic requested of neighbor 
FaQ/19 I.I 00 



Task 32 

Configure the switches such that VLAN' 200 is no longer pruned: do not use a command 
that was used before to accomplish this task. 



On Both Switches: 

Cat-x(config)#intF0']9 

Cat-x(contig-if)r*Switchport trunk pruning vlan remove 200 



To verify the configuration: 

On Cat-1 

Cat- l#Show interface F0 19 pruning 

Port Vlans pained tor lack of request by neighbor 
FaO 19 300.400,500,600 
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Port Vlan traffic requested of neighbor 
FaO 19 1.100.200^. 

Note VLAN 200 was removed from the 
On Cat -2 > list of VLANs being pruned. 



Cat'ZsShow interface F0 1 9 pruning 

Port Vlans pained tor lack of request by neighbor 
Fuij 19 300,400,500,600 " 

Port Vlan tralYiCjrcqucstcd of neighbor 
FaO 19 1,100,200 



Task 33 

Erase the vlan.dat and config.tcxt and reload the switches before proceeding to the next 
lab. 
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Lab 2 
EthcrChanncls 



FO/19-20 




Task I 

Configure the hostname of the first switches as per diagram. Ensure that the ports of these 
four switches arc in Shutdown mode. Configure VTP domain name to TST on all four 
switches. 



On SW -I 

Switch(coniig)#hostnamc SW- 1 

SW- l(config)#int range ffi/1 -24 
SW- 1 (config-if-rangc)nSh ut 

SW-lfconfig^VTP domain TST 
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On S\\ -2 

S witc h( co n tig )#h o st n amc S W - 2 

S\V-.2(config)#int range fll' 1 -24 
S W- 2( c o n tig- it- rangc)# Sh ul 

SW'-2(contig)r*\"rP domain TST 

On SW-3 

Switch(contig)#hostnamc SW-3 

S W- 3( co n iig)#i nt range ftl' 1 -24 
S W- 3( co n tig- if- ranged Sh ut 

S\V-3(config)#VTP domain TST 

On SW-4 

Switch(contig)#hostnamc SW-4 

SW-4(contig)#int range ffii-24 
S W-4(co n tig- if-rangc)#Sh ut 

SW-4(contig)#VTP domain TST 



Task 2 

Configure ports FQ 1 9 and FO/20 on SW-1 and SW-2 as trunk links using an industry 
standard protocol, these links should appear to Spanning-trec protocol as a single link. It* 
one of the links tail, the traffic should use the other link without any interaction. The 
ports on SW-1 should be configured such that they ONLY respond to PAgP packets and 
never start the negotiation process. 



EtherChannels provide the follows: 

> Fault-tolerant, high speed links between switches and routers. 

S* EthcrChanncl provides an automatic recovery tor the loss of a link by 
redistributing the traffic across the remaining link/s. 

> STP will not block o nc of the links in the bundle because to STP, the bundle 
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looks like a single link. 

> Up to 8 links can be combined to provide more bandwidth. 

P The links within the bundle must have the same characteristics such as 
duplexing > speed and etc. 

> EthcrChannel can be configured as layer 2 or layer 3. 

P With Layer 3, a logical interface (Port-Channel) is statically configured and all 

Layer 3 configurations arc performed under that interface. 
P With Layer 2, the logical interface is created automatically. 

> With both Layer 2 and Layer 3, physical interfaces must be manually assigned to 
the logical interface using "channel -group 1 'con figuration command. 

'i* EthcrChanncls can be configured automatically using Port aggregation protocol 

(PAgP) or Link Aggregation protocol (LACP). 
P PAgP is a Cisco proprietary protoco !> whereas LACP is an industry standard 

IEEE 802. 3ad protocol. 
P Switches can be configured to use PAgP by configuring them in ALTO or 

DESIRABLE mode. 
P Switches can be configured to use LACP by configuring them in ACTIVE or 

PASSIVE mode. 

> If the switches arc configured in OX mode, they will not exchange LACP or 
PAgP packets. 

Thin Liru 5 modi's I3ntl lliu suitiln^ inn bu i'on]'i;juri'd in: 

P ON — Forces the interface into an EthcrChannel without PAgP or LACP packets,, 
both switches must be configured in OX mode for the EthcrChannel to be 
established. 

P ACTIVE - Used in LACP - the switches will actively negotiate an EthcrChannel 
link. 

P PASSIVE — Used in LACP ,, it places the interface in a passive negotiation mode 
where it only responds to LACP packets that it receives. In this mode the switch 
will not start the negotiation process; this setting minimizes the transmission of 
LACP packets. 

'r AUTO — Used in PAgP, , it places the interface in a passive negotiation mode; It 
only responds to PAgP packets that it receives. In this mode the switch will not 
start the negotiation process; this setting minimizes the transmission of PAgP 
packets. 

P D E5 1 R . \ B L E - Used in PAgP ,, the switc hes wil 1 ac lively ncgo tiatc an 
EthcrChannel link. 

The following table is very important to understand when configuring 
EtherChannels: 
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[fSW-1 is 

configured in 


lfS\V-2is 

configured in 


Will an 

Kthei Channel be 

est abli shed? 


The protocol 
used: 


Desirable 


Desirable 


YES 


PAgP 


Desirable 


Auto 


YES 


PAgP 


Auto 


Auto 


NO 


« 


Active 


Active 


YES 


LACP 


Active 


Passive 


YES 


LACP 


Passive 


Passive 


NO 


— 


ON 


ON 


YES 


NONE 


on 


An to 


NO 


~ 


ON 


Desirable 


NO 


~ 


ON 


Passive 


NO 


« 


ON 


Active 


NO 


— 



When configuring EtherChannels, configuration of EtherChannels should be 
configured in certain order, the following is my recommendation for creating 
EtherChannels: 

1. Configure '"Default interface" for the interfaces involved. 

2. Assign a channel-group and channel-group number to the physical 
interfaces, this step will create a port-channel interface automatically. 

3. Configure the trunking encapsulation directly in port-channel interface 
configuration mode. 

4. Reset the ports in the group by entering "Shut 1 " and then, "No Shut'". 

Step One 
OnSW-1 
SW- l(config)*Default interface range FJI/19-2J) 

SW-l(con%)#]ntcrikcc range RV 19-20 
SW- ](config-if-rangc')#NO Shut 

Step Two 

SW-l{oomfigJ#iBt range ffl- 1 9-20 

S W- 1 ( con fig- if- rarjgc)#C hanncl -gro up 1 2 mo die Auto 

You should see the following messages: 

Creating a port-channel interface Port-channel 12 

Note the interface Port-channel 12 is created automatically': 
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SW- l"Show am Inc interlace Port-channel 
interface Port-channcll2 

Stt?p I " J 1 J' iL- iL- 

SW-I{oanfig]#Iilt Port-channel 12 

SW-](config-if)#S , **itehport trunk encapsulation dotlq 
SW- l(config-ifj#Switdip«t1 mode trunk 

On SW-2 

SW-2(config)#Default interface range FW19-20 

SW-2(config)#int range fit 1 9-20 

S\V-2( con tig- if- range )"Qi an n el-group 21 mode Desirable 

S \V-2( co n fig)S 1 n t Po rt -ch a n n el 2 1 

SW-2(contig-if)*S'witehport trunk encapsulation dotlq 
SW-2(CMifig-if)#S , r> itch port mode trunk 

Step Four 

On SW -1 and SW-2 

SW-x(coniig-ii)#int range m 19-20 
S W-x( co n fig- if- range )#Sh ut 
S \V-x( co n fig- if- r angc )# \( ) shu t 

To verify the configuration: 

On SW-1 

SW- l#Sh interlace trunk 

Port Mode Encapsulation Status Native via n 

Pol 2 on 802. lq trunking 1 

/ The rest of the output is omitted) 

On SW-2 

S\V-2#Sh interlace trunk 
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Port Mode Encapsulation Status Native vlan 

Pt>21 cm 8(12. lq tru liking 1 

f The rest of the output is omitted) 

On SW-1 



SW-lffShow interlace 10 19 switchport Inc Operational Mode 
Operational Mode: trunk (member of bundle Poll) 

On SW-2 

SW-2*Sh int fll'19 swi ! Inc Operational Mode 
Operational Mode: trunk (member of bundle Poll) 



Task 3 

Configure ports FO. 2 1 and FQ '22 on SW-3 and SW-1 as trunk links using an industry 
standard protocol, these links should appear to STP as a single link. If one ol'thc links 
tails,, the traffic should use the other link without any interruption. These ports should 
NOT negotiate by exchanging LACP or PAgP protocol to accomplish this task. 



On SW-1 

SW-1 (con fig)?* default interface range FO/21-22 

SVV- l(config)#lnt range FO/21 - 22 
SW-I(config-if-rangc)#GianneI-group 13 mode on 
SW- ](config-il-rangc)#NO shut 

S W- l(config-if-rangc)#int port-channel 13 

SW- 1 ( co n fig- if)# switch port trunk encapsulation dotlq 

SW- ](config-if)#swi mode trunk 

On SW-3 

S\V-3(coniig)riDefault int range fH/21-22 
SW-3i;config)*lnt range til 21 - 22 
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SW-3(coniig-if-rangc)riChanneI-group 31 mode on 
S W- 3( co n tig- if- rangc)#> O shu t 

S W- 3( co n tig- if- rangc)#in 1 port- eh a n nel 3 1 

S W- 3( co n tig- if)#s\\i tch port trunk encapsulation dotlq 

SW-3(conlig-if)#S , vvi mode trunk 

On Both SW-I and SW -3 

S\V-x(contig)f#int range RI/21-22 
S W-x( co n tig- if- range )#Sh ut 
SVV-x(config-if-rangc)#N() Shut 

I 'n vL'fit'v the ct»ni'i<junitit>n: 

On SW-1 

S\V-l"Sho\v interface trunk 

Port Mode Encapsulation Status Native v Ian 

Pol2 on 802. lq trunking I 

Pol 3 on 802. lq trunking 1 

(The rest of the output is omitted) 

SW- 1 g Show cthcrchanncl protocol 

Channel- group listing: 

Group: 12 

Protocol: PAgP 

Group: 13 

Protocol: - (Mode ON)*' 

On SW -3 

S\V-3rrShow interface taink 

Port Mode Encapsulation Status Native v Ian 

Po31 on 802. lq trunking 1 

(The rest of the output is omitted/ 




>i:ili; PAliP is used lor Ether dm rind negotiation. 



Note PAgP or LACP is NOT in use 
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SW-3#Show cthcrchanncl summary 

Flags: D - down P - in port -channel 

1 - stand-alone s - suspended 
H -Hot-standby (LACP only) 
R - Layer 3 S-Lavei'2 

U -in use f - failed to allocate aggregator 

u - unsuitable for bundling 
w - waiting to be aggregated 

d - default port 

Number of channel-groups in use: 1 
Number of aggregators: 1 

Group Port- channel Protocol Ports 

31 Po31fSU) - Fau721(P) FaG722(P) 



Task 5 

Ensure that all the EthcrChanncIs created on SW-1 arc load -balanced based on 
destination MAC address. 



Etherchannel Load balancing can be done on 3550 or 356(1 snitches: 3560 switches 
are more flexible and provide more options, the following explains the load- 
balancing options available on these switches: 

On 3550 Switches: 

Source MAC Address - Packets forwarded to an EthcrChannel arc distributed across the 
ports in the channel based on the Source MAC address of the incoming packets. 
Therefore,, different devices with different source MAC addresses use different interfaces 
in the bundle. When source MAC address load balancing is enabled, the load distribution 
based on i.1..j Source and Destination IP address pair : _ _.r.:. u ::>v 

routed IP traffic. 

Destination MAC Address - If the E thcrChanncl is between a router and a switch and 
since the router has a single MAC add res S, destination based load balancing is the best 
way. In this load balancing method, packets forwarded to an EthcrChannel 

arc distributed across the ports in the channel based on the Destination MAC." address of 
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the incoming packets. 

.Note there arc only tno choices on 3550 snitches: 

S\V-3(contig)rrPort-channel load-balance ? 
dst-mac Dst Mac Addr 
sre-mac Src Mac Addr 

To verily the default setting: 

On SVV-3 

SVv'-3#Show Ethcrchannci load -balance 

EtherChanne I Load-Balancing Operational State (sre-mac): 
Non-IP: Source MAC address 

IPv4: Source MAC address 

IPv6: Source IP address 

SW-1 is a 3560: 

The iblhming arid thu options available on 3561) switches: 

Source MAC Address - When packets arc forwarded to an Ethcrchannci, they 1 re 
distributed across the ports in the channel based on the Source MAC address of the 
incoming frame. 

DL'sliiialimi MAC." Address - When packets are forwarded to an Ethcrchannci, they're 
distributed across the ports in the channel based on the Destination MAC address of the 
incoming frame. 

Source and Destination MAC Address ■ When packets arc forwarded to an 
Ethcrchannci, they're distributed across the ports in the channel based on the Source & 
Destination MAC, address pair j: i.I"..j i...,nr ng frame. 

Source IP Address - When packets arc forwarded to an Ethcrchannci, they're distributed 
across the ports in the channel based on the Source IP address of the incoming frame. 

Destination IP Address - When packets arc forwarded to an Ethcrchannci, they're 
distributed across the ports in the channel based on the Destination IP address of the 

incoming frame. 

Source & Destination IP Address - When packets arc forwarded to an Ethcrchannci, 
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they're distributed across the ports in the channel based on the Source & Destination IP 
ad d ress pa i r o f the incoming frame. 

To sw thi 1 abox v options on 3561) switchi'S : 

SW-](coniig)#Port-ehannel load-balance ? 
dst-ip Dst IP Addr 

d st -ma c D st M ac Ad d r 
sre- dst-ip Src XOR Dst IP Addr 
sre-dst-mac Src XOR Dst Mac Addr 
sre-ip Src IP Addr 

src- mac Src Mac Addr 

To verify thi 1 ikTault si-tting: 

SW- I s Show Ethcrchanncl load-balance 

EtherCluinne I Load-Balancing Opt 1 ratio mi I State (sre-mac): 

Nftll-IP: Source MAC address 
IPv4: Source MAC address 
IPv6: Source IP address 

To configure the load balancing based on the destination Mac addresses: 

OnSW-1: 

SW-I(config)#port-ehannel load-balance dst-mac 

To verify thi- configuration: 

OnSW-l 

SVV-l#Show ethcrchanncl load 

EthcrChanncl Load -Balancing Operational State (dst-mac): 

Non-IP: Destination MAC address 
IPv4: Destination MAC address 
IPv6: Destination IP address 

Note since the command is entered in the global configuration mode, it effects all 
EthcrChanncl ports created on the local snitch. 
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Task 6 

Ensure that all the EthcrChanncls. created on SW-2 arc load ■balanced based on the 
following policy: 

» For Non-IP, Source and Destination MAC address 

* For IPv4, Source and Destination IP Address pair 

• For IPv6. Source and Destination IP address pair 



On SW -2 

S W-2( co ntig)# port- channel load-balance sre-dst-ip 

To verify the configuration: 

On SW-2 

SW-InShow Ethcrchanncl jo ad -balance 

EtherChannel Load -Balancing Operational State isre-dst-ip): 
Non-IP: Source X OR Destination MAC address 

IPv4: Source XOR Destination IP address 

IPv6: Source XOR Destination IP address 

The following reveals the behavior of a 356(1 snitch when the load balancing is 

changed: 

II the load-balancing is changed to "sre-mac": 
Non-IP: Source MAC address 
IPv4: Source MAC address 
IPv6: Source IP address 

If the load-balancing is changed to "dsl-inac'": 

Non-IP: Destination MAC address 
IPv4: Destination MAC address 
IPv6: Destination IP address 

If the load-balancing is changed to "sre-ip": 

Non-IP: Source MAC address 

IPv4: Source IP address 
IPv6: Source IP address 

If the load-balancing is changed to "dst-ip"': 
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Non-IP: Destination MAC address 
IPv4: Destination IP address 
IPv6: Destination IP address 

If the load-balancing is changed to "sre-dst-mac": 
Non-IP: Source XOR Destination MAC address 
IPv4: Source XOR Destination MAC address 
IPv6: Source XOR Destination IP address 

If the load-balancing is changed to "sre-dst-ip": 

Non-IP: Source XOR Destination MAC address 
IPv4: Source XOR Destination IP address 
IPv6: Source XOR Destination IP address 






Task? 

Configure ports FO 2 1 and FO 22 on SW-2 and SW-4 as trunk links using Cisco 
proprietary trunking encapsulation, these links should appear to STP as a single link, [f 
one of the links fails, the traffic should use the other link without any interruption. These 
ports should actively negotiate an ethcrchanncl using PAgP. 






On SW-2 

S\V-2i;config)#default interface range fl)/2l-22 

SW-2(config)#int range ftt'21-22 

SW-2(config-if-rangc)#channeI-group 24 mode desirable 
S W- 2( co n fig- if- rangc)#N( ) shu t 

S\V-2(config)r*]nt port-channel 24 

S W- 2( con tig- if)#sw itch port trunk encapsulation isl 

S \V-2( "con tig- if)" Switch port mode trunk 

On SW-4 

SW-4(config .^default interface range f()/21-22 

S\V-4(config)#int range ffi'2 1 -22 

SW-4(contig-if-range)T*ehannel-group 42 mode desirable 
S \Y-4(co n tig- if- rangc)#N( ) shu t 




ct 
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SW-4(config')#int port -channel 42 
S\Y-4(coniig-if)#switchport trunk encapsulation isl 
S\V-4(coniig-if)#switchport mode trunk 

On S\\ -1 and SW -4 

S W-4(coniig- if- range )#int range fD/2 1 -22 
S \V-4(co n tig- if- range )#sh ut 
SW-4(config-if-rangc)#NO shut 

I 'n vL'fit'v the configuration: 

On SW-4 

SVV-4#Show interface trunk 

Port Mode Encapsulation Status Native v Ian 

I-Y42 cm isl trunk in l; 1 

(The rest of the output is omitted) 

To verify the configuration: 

On SW-4 

SW- If* Show cthcrchanncl protocol 
Channel- group listing: 




Notu PA^P is msud \\;y M <3i u i-i^]i l-l n l ai u L nu imitation. 



SVv'-2#Show interface trunk 

Port Mode Encapsulation Status Native vlan 

Po21 on 802. lq trunking I 

Po24 on isl trunking 1 

(The rest of the output is omitted) 
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S\V-2#Sho\v cthcrehanncl summary 

Flags: D - down P - in port- channel 

] - stand-alone s - suspended 

H -Hot-standby (LACP only) 

R - Laycr3 S-Laver2 

I- - in use f - foiled to allocate aggregate) r 

li - unsuitable for bundling 
w - waiting to be aggregated 

d - default port 

Number of 'channel-groups in use: 2 
Number of aggregators: 2 

Group Port- channel Protocol Ports 

21 PoZlfSU) PAgP FaO/19(P) FaO/20(P) 
24 Po24(SU) PAgP FaO/21(P) FaO/22(P) 






I ask 8 

Configure ports FO. 1 9 and FQ 20 on SW-3 and SW-4 as trunk links using Cisco 
proprietary trim king encapsulation, these links should appear to STP as a single link. If 
one of the links fails, the traffic should use the other link without any interruption. These 
ports on SW-3 should be configured such that they ONLY respond to LACP packets that 
are received from the appropriate ports on SW-4. 






On SW -3 

SW-3C©Oiiig)* default inter range fU/ 19-20 

SW-3(config)#int range RV1 9-20 

S W-3( con tig- if-rangc)# channel-group 34 mode passive 

S W- 3( co n fig- if- rangc)#N ( ) shu t 

S\V-3(config)#int port-channel 34 

S W- 3( co n fig- if) U Switch port trunk encapsulation isl 

S\V-3( con fig- if)?* Switch port mode trunk 

On SW-4 




a 
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SW-4(config>#def'ault interface range ft)' 19-20 

SW-4(config)#int range fO/ 1 9-20 
S\V-4(contig-if-rangc)#channeI-yroup 43 mode active 
S \V-4(co n tig- if- r angc)#NO shu t 

SW-4(conlig)r! ! int port-channel 43 

S \V-4(con tig- if)#sv\ itch port trunk encapsulation isl 

S\V-4(config-if)#switchport mode trunk 

On SW -3 and SW -4 

SW-4(contig)#int range fO/1 9-20 
S \V-4( co n tig- it- rangc)#Sh ut 
S \Y-4(co n tig- if- rangc)#N( ) shu t 



To verify the conf'igui ation: 



On SW -3 

S\\'-3"Sho\v cthcrchanncl protocol 

Channel-group listing: 
Group: 31 
Protocol: - (Mode ON) 

Group; 34 

Protocol: L.VCP 

SW-3#Sho\v interface trunk 

Port Mode Encapsulation Status Native vian 

Po31 on isl trunking 1 

Po34 on isl trunking 1 

f The rest of the output is omitted) 

On SW -4 

SW-4#Show interface trunk 
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Port Mode Encapsulation Status Native v Ian 
Po42 desirable n-isl trunking I 
Po43 cm isl trunking 1 
( The rest of the output is omitted) 

S\V-4#Sh ether summ B Number 

Number of channel-groups in use: 2 
Number of aggregators: 2 

Group Port -channel Protocol Ports 

42 Po42(Sl) PAgP FaO,'21(P) FaO/22(P) 

43 Po43(SU) LACP FaO/19(P) FaO/20(P) 






Task 9 

Configure ports FQ 23 and FO/24 on SW-1 and SW-4 as trunk links using Cisco 
proprietary tmnking encapsulation, these links should appear to STP as a single link. If 
one of the links fails, the traffic should use the other link without any interruption. These 
ports should be configured such that they actively negotiate a LACP EthcrchanncL 






On SW-1 

S\V-l(config)frdefauH interface range fO/23-24 

SVV-l(config)#int range fU'23-24 

SW-](config-if-rangc)#channeI-yroup 14 mode active 
S W- I(conlig-if-rangc)#NO shut 

S W- l(config)#int port-channel 14 
SW-l(confjg-if)#Swi tch port trunk encapsulation isl 

SW-1 (con tig- if)?* switch port mode trunk 

On SW-4 

SW-4(config)#default interface range fQ'23-24 

SW-4(coniig)#int range ft) 23-24 

SVV-4(config-if-rangc)#channeI-group 41 mode active 
S W-4(co n tig- if- range )#N( ) shu t 




et 
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S\V-4(coniig)#int port-channel 41 

S \V-4( con tig- if)f*s\\ itch port trunk encapsulal 

S W-4( con tig- ii)# switch port mode trunk 


ion hi 


On SW-I andSW-4 




SW-4(contig-it^int range 110/23-24 
S W-4(co n tig- it- range )#sh ut 
S\V-4(contig-ii-range)#NO shut 




Tu verify the co nf iu lira ti tin: 




On SW-1 




SW- 1-Show inter trunk 




Port Mode Encapsulation Status 
Pol2 on 802. lq tmnking 
Pol3 on 802. lq bunking 
Pol 4 on KI Ir unking 
(The rest of the output is omitted) 


Native vlan 

1 
I 
1 


On SW -4 




SW-4#Show inter trunk 




Port Mode Encapsulation Status 
Po41 on i si trunk in y 
Po42 desirable n-isl trunkiii" 
Po43 on isl trunk in y 

(The rest of the output is omitted) 


Native vlan 
1 
1 
1 


SW-4#Sk>w Ethcrchanncl Pro 




Channel-group listing: 




(J roup: 41 


Protocol: LACP 




Group: 42 




Protocol: PAgP 
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Group: 43 
Protocol: LACP 



task 9 

Configure ports FO/23 and FQ'24 on SW-2 and SVV-3 as a single layer three link; SW-2 
should be configured with an IP address of 10.1.23.2 .'24 and SW-3 should be configured 
with an IP address of 1 0.1 .23.3 .'24. These ports should NOT negotiate using LACP or 
PAgP. 



Note when configuring layer 3 EtherChannels, 1 recommend the order of operation 
to be as follows: 

1. Default interface the physical interfaces 

2. Configure the interface port-channel 

3. Configure the port-channel interface with "NO Swi" and then configure the 
IP address 

4. Configure the physical interfaces with "No Swi" 

5. Assign the port-channel ID to the interfaces using the channel-group 
interface configuration command 

6. Reset the physical interfaces by using "Shut'' and "NO Shut" 

On SW-2 

SW-2(config)r*default interface range fO/23-24 

S\V-2iconfig)#int port -channel 23 
S W-2(config-if)#NO sw itch port 
SW-2(oomfig-if)#ip addr 10.1.23.2 255.255.255.0 

SW-2(config)#int range ffl/23-24 
S\V-2(config-if-rangc)# NO sw heliport 
S W- 2( co n fig- if- range )# channel-group 23 mode on 
S\V-2(config-if)#NO shut 

On SW-3 

SVV-3(config)sdefauIt interface range fO'23-24 

SW-3(config)#int port -channel 32 
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S W- 3( co n fig- if)#N( ) m i teh p a rt 

SW-3(config-ifl#ip ad dr 10.1.23.3 255.255.255.(1 

SW-3(config)#int range ffl'23-24 
SW-3(config-if-rangc)#Gaannel-group 32 mode on 

Note if the "No Snitchport" interface command is NOT configured, you should see 
the following error: 

Command rejected (~I*ort-chattnel32, FaO/23): Either port is L2 and port-channel is L3, or vice- 

versa 

% Range command terminated because it faffed on h'astLthernet(}/23 

SW- 3(contig-if-rangc)#-NO swi 
SW-3(config-if-rangc)#Gaannel-group 32 mode on 
S\V-3(coniig.ii-rangc)# NO shut 

On SW-2 and S\\ -3 

SW-3(config)#int range ffl/23-24 
S W- 3( co n fig- if- rangc)#Sh ut 
S\V-3(config-if-rangc)# NO shut 

10 verify and test the configuration: 

On SW-2 

SW-ZftShow Ethcrchannc: summary B Number 

Number of channel-groups in use: 3 
Number of aggregators: 3 

Group Port-channel Protocol Ports 

21 Po21(SU) PAgP Fa0719(P) Fa0.20(P> 

23 Fo23{RU) - Fa(»23(P) Fa 0/24 (P) 

24 Po24(SL') PAgP FaD/21(P) Fa0 22i;P) 

On SW-3 

SW-3*Ping 10.1.23.2 

Type escape sequence to abort. 

Sending 5 r 100-bytc ICMP Echosto 10.1.23.2, timeout is 2 seconds: 
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Success rale is 80 pereenl (4/5), round-trip min/avg/rnax = 1/1.' 1 ms 



Task 10 

Erase the startup configuration and vlan.dat before proceeding to the next lab 
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Lab 3 








Basic 3560 continuation I 






Task 1 




Shutdown ports FO/21 - F0'24 on Switch 1 and 2. 






On Both Switches 








Switch(config)#int range FQ-'2 1 -24 








S witc h( co n tig - if- rangc)# Sh u t 








To verify the configuration: 






On Both Switches 




Switch#Show int status 








Port Name Status Vlan Duplex Speed Type 








FaO/'l connected I auto auto 10/ 100BaseTX 








FaO/2 connected I auto auto 10/ 100BaseTX 








FaO/3 connected I a-full a-100 10 100BaseTX 








Fa0/4 connected 1 a- lull a-100 10, 100BaseTX 








FaO/5 connected 1 a- full a-100 10/ 100BaseTX 








FaO/6 connected I a- full a-100 10/ 100BaseTX 








FaO/7 notconncct 1 auto auto 10/ 100BaseTX 








FaO/8 notconncct I auto auto 10/ 100BaseTX 








FaO/9 notconncct 1 auto auto 10. 100BaseTX 








FaO/10 connected 1 a-fLill a-100 10/ 100BaseTX 








FaO/'ll notconncct I auto auto 10/ 100BaseTX 








Fa0/12 notconncct I auto auto 10/ 100BaseTX 








FaO/13 notconncct I auto auto 10/ 100BaseTX 








FaO.T4 notconncct 1 auto auto 10/ 100BaseTX 








FaO/15 notconncct 1 auto auto 10/ 100BaseTX 








FaO/16 notconncct I auto auto lOTOOBascTX 








FaO/17 notconncct 1 auto auto 10/lOOBascTX 








FaO/18 notconncct 1 auto auto 10/ 100BaseTX 








FaO/19 connected 1 a- Hill a-100 10/ 100BaseTX 








FaO/20 connected 1 a- full a-100 10/ 100BaseTX 








FaO/21 disahlcd 1 auto auto 10/ 100BaseTX 








I-'aO 22 disabled 1 auto auto lOTOOBascTX 






O 
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FaD/23 disabled ] 


auto auto ]0: '100BaseTX 


Fat) 24 disabled ] 


auto auto 10/ 100BaseTX 


f 77;? re.vf o/f/je output is omitted) 





Task 2 

Configure the first Switch to be in VTP domain called CCIE, this information should be 
propagated to Switch 2 via VTP messages. You can use any encapsulation or tagging to 
accomplish this task. 



Before assigning a VTP domain name, there must be a trunk established between the 
two switches so the configurations will be propagated to the other switch. 

On both snitches 

Switches how interface trunk 

Switch* 

Note the two 3560s switches are connected with 2 cross over ethernet cables, if these 

switches were 3550s, the two ports would have negotiated an ISL trunk, actually they 

would show up as "n-isl", this is because by default the ports are configured in desirable 

mode. With 3560 switches, the ports are not in desirable mode, a "show int I0.T9 

sw heliport" will reveal that by default the ports are configured in "Auto" mode (The 

Administrative Mode), and therefore, the port's must be configured statically to trunk 

or negotiate a trunk. 

On Both switches: 

Switches how cdp neighbors. 

Capability Codes: R - Router. T - Trans Bridge, B - Source Route Bridge 
S - Switch, H - Host J - IGMP, r - Repeater, P - Phone 



Device ID 
Switch 

Sv. :tch 



Local Intrfcc 
Fas 20 
Fas 0, 1 9 



Hokltmc Capability 
178 SI 

177 SI 



Platform Port ID 
\VS-C3560-2Fas 20 
\VS-C3560-2FasO-19 



Note the "Show cdp neighbors" command reveals the ports connecting the two switches. 

The output may be different depending on the ports of the routers connecting to these 
switches: in this case the ports on the routers are in Shutdown mode. 
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On Both switches: 

Switch(conn"g)#int range 10' '19-20 

Switchtcontig-if-rangcYf^switehport trunk encapsulation isl 
Switchfconiig-if-rangc^switchport mode trunk 

To verify the configuration: 

On the first switches: 

Switches how ant trunk 

Port Mode Encapsulation Status Native vlan 

FaO 19 on isl trunk ing 1 

FaO/20 on isl trunk ing 1 

Port Vlans allowed on trunk 
FaO,' 19 1-4094 
FaO 20 1 -4094 

Po rt V Ian s al lowed and ac ti vc i n ma nagc men t d mai n 

FaO 19 1 
FaO/20 1 

Port Vlans in spanning tree forwarding state and not pruned 
FaO 19 1 
FaO/20 none 

Now that the trunk is established between the two switches, therefore, the VTP 
configuration will be propagated via VTP messages: 

On the first switch 

Switch(config)#VTP domain CCIE 

By default the 3560 switches are member of a domain called NULL, therefore, after 
entering the above command, you will get the following message unless the switch was 
member of another domain: 

Changing VTP domain name from XL'LL jo CCIE 

This task could also be accomplished within the "VLAN database" as follows: 
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Switch#Vlan database 
Switch(vlan)f#\'tp domain CCIE 
S witc h( v lan)# Ex it 

When any eon figuration is performed in the Vlan database, you must configure the 
"exit" or the "apply" command for the changes to take effect. 



Note the output of the following show command reveals that VTP propagated the VTP 
domain information to the second switch: 

On the second switch: 

Switches h vtp status 

VTP Version : 2 

Configuration Revision : 

Maximum VLANs supported loc-ally : 1 005 

Number ofcxisting VLANs : 5 

VTP Operating Mode : Server 

VTP Domain Name : CCIE 

VTP Paining Mode : Disabled 

VTP V2 Mode : Disabled 

VTP Traps Generation : Disabled 

MD5 digest : 0x57 OxCD 0x40 0x65 0x63 0x59 0x47 OxBD 

Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00 

Local updatcr ID is 0.0.0.0 (no valid interface found) 



Task 3 

This VTP domain should be password protected using "Cisco" as the password. 



On both switches 

Switchfconfig^VTP password Cisco 

You should get the following message: 

Setting device VLAN database password to Cisco 

Note, if a domain name is not assigned to the snitches and the default name of 
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"NULL'" is used, a pass\>ord can not be assigned. 

The "VTP password" command can he entered in global configuration mode, 

privilege configuration mode or in the VLAN database mode. 

The password command must be configured statically on both switches because this 

change will NOT get propagated via VTP messages. 

To verify the configuration: 



On the First switch 
Switches how vtp status 

VTP Version : 2 

Configuration Revision : 

Maximum VLAXs supported locally : 1005 

X u mb cr o f c x 1st ing V L A X s : 5 

VTP Operating Mode : Server "* The mode is server by default 

VTP Domain Xamc : CCIE 4 The domain name 

VTP Pmning Mode : Disabled 

VTP V2 Mode : Disabled 

VTP Traps Generation : Disabled 

MD5 digest : 0x1 4 OxTD 0x1 5 0x09 OxDC 0x39 0x65 0xC2 

Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00 

Local updatcr ID is 0.0.0.0 (no valid interlace found) 

VTP password can be changed in three ways: 

Privilege mode: 

Switch#vtp password Cisco 

Vlan Database: 

Vlan database 
Vtp password Cisco 
Exit 

Global config mode: 

Switch(config)#vtp password Cisco 

On the Second switch 

Sv. udvShoy. \tp si.lli.us 
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VTP Version : 2 
Configuration Revision : 
Maximum VLANs supported locally : 1005 
Number of existing VLANs : 5 




\ TP Operating Mode : Server * I lie mode is server by delauK 


\ J J UUII.lu.-I I ->aliJI_ - H— IE. ~ 1 lit LI U 1 1 J ill II IIliIIIL 

VTP Pruning Mode : Disabled 

VTP V2 Mode : Disabled 

VTP Traps Generation : Disabled 

MD5 digest : 0x57 OxCD 0x40 0x65 0x63 0x59 0x47 OxBD 

Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00 

Local updatar ID is 0.0.0.0 (no valid interface found) 

On any of the switches: 

S w itc h" Show VTP p assw o r d This verifies th e p a ss w i»rd. re ra e m be r 

^r^^^ Spates will nol shem 
VTP Password: Cisco 




Task 4 

The first Catalyst switch should be configured with a hostname of Cat- 1 and the second 
Catalyst should have a hostname of Cat-2. 






On the first Switch 
Switchfconlig .^Hostname Gat-] 

On the Second Switch 

Switch(contig)#Hostnamc Cat-2 




e< 


Task 5 

Cat-2 should NOT have the ability to create, delete orrcnamc VLAK or any VLAN 
information. 
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On Cat-2 

Cat-2(coniig)#Vtp mode client 

This configuration can be performed in the vlan database or global con fig mode.. 
The above command displays the command as it was entered in the global conflg 
mode. If you are asked to enter the command in the vlan database, you must first 
enter the "vtp database'" command in the privilege mode, then, enter " vlp client 1 " 
and lastly the "exit"' command is entered so the changes can take effect. 

Once the command is entered you should get the following message: 

Setting device to VTP CLIENT mode. 

VTP Modes: 

The switches can operate in three VTP modes and they are as follows: 

> SERVER - The switch is able to delete, create, or rename VLAN 
information. Catalyst 35 6 CI in server mode participates in the VTP 
domain and propagates the VLAN information. 

> CLIENT - In this mode the switch is able to receive and process the 
VTP messages, but they are not able to create, delete, or rename 
VLAN information. They can assign a port to a given VLAN that 
already exists. Catalyst 356(1 in client mode participates in the VTP 
domain and propagates the VTP messages. 

> Transparent — In this mode the switch is able to create, delete and 
modify the VLAN information but it will not propagate its VLAN 
information to other switches. Catalyst 356(1 switches in this mode do 
NOT participate in VTP domain. A Catalyst 3560 switch must be in 
this mode in order to create the extended-range VLANs (1006 -4094), 
this configuration can only be performed in the global contlg mode 
and NOT in the Vlan database. 



Task 6 

Create and configure the following VLAN assignments on the switches: 
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Router Interface 


VLA.N number 


CA'l' Switches Port 


Rl - FO/0 


12 


Cat-1 F0/1 


R2 - FO/0 


12 


Cat-1 F0/2 


m - FO/0 


34 


Cat-1 Fl) 3 


R4 - FO II 


34 


Cat- 1 FO/4 


R5 - FO/0 


56 


Cat-1 F0 5 


R6 - FO/0 


56 


Cat-1 FO/6 



On Cat-1 




Cat- l(con%)#intcrtacc range fO/1 -2 
Cat- l(config-if)#s witch mode access 
Cat-l(config-if>switch access vlan 12 


Cat-](config)#intcrfacc range 1*0 3 -4 
Cat- l(config-if)#s witch mode access 
Cat-l(CCmfig-if)#SWitL'h aeeess vlan 34 


Cat-l(config)#intcrfacc range FO 5 - 6 
Cat-l(config-if)#switch mode aeeess 
Cat- l(coniig-if)#s witch aeeess vlan 56 


Note the Vlan information will be propagated to the other switch (Cat-2), 
because both switches are in the same VTP domain and they are both 
configured with the same password. 


On Cat-2 




Cat-2#Show vlan brie I Exc unsup 




V L A N N amc S t at us 


Ports 


I default active 


FaD/l,FaO/2, Fa0/3 t FaO/4 
Fall 5, FaO/6, FaO/7, FaO/8 
F aO/9 , FaO/ 1 € , Faf )/ 1 1 s FaO/ 1 2 
FaO/ 13, FaO/ 14, FaO/ 15, FaO/ 16 
FaO/ 17, FaO/ 18, FaO/23, FaO/24 
Gi(yi s GiO/2 


12 YLAX0012 active 
34 VLAX0034 active 
56 VLAN0056 active 
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Cat-2#Sho\v VTP Status 






VTP Version 




:2 


Co nfigu ration Revision 




:3 


M ax im u m V L AN s su p p a rt cd loc-al ly 


: 1 005 


X umber of existing VLAXs 




:g 


VTP Operating Mode 




: Client 


VTP Domain Name 




:CC1E 


VTP Pruning Mode 




: Disabled 


VTP V2 Mode 




: Disabled 


VTP Traps Generation 




: Disabled 


MD5 digest 




: 0x97 0x9D OxFl 0xF9 OxFE 0x21 OxCC 


Oxl D 






Configuration last modified 


by 0.0.0.0 at .3-1-93 00:06:1 


Local updatcr ID is 0.0.0.0 ( 


no valid 


interlace found) 


On Cat-1 






Cat- WSkom VTP Status 






VTP Version 




2 


Configuration Revision 




:3 


Maximum VLANs support c 


d locally 


: 1005 


Number ofcxisting VLAXs 




: 8 


VTP Operating Mode 




: Server 


VTP Domain Name 




:CC1E 


VTP Paining Mode 




: Disabled 


VTP V2 Mode 




: Disabled 


VTP Traps Generation 




: Disabled 


MD5 digest 




: 0x97 0x9D OxFl 0xF9 OxFE 0x21 OxCC 


0x1 D 






Configuration last modified 


by 0.0.0.0 at .3-1-93 00:06:1 


Local updatcr ID is 0.0.0.0 ( 


no valid 


interface found) 


Note, the VTP version is 2, 


Configuration revision is 3, number of existing 


VLAXs is S on both snitch 


es, (because they are synchronized), and the reason 


the VLAN information was prop ay 


ated is because the VTP domain name and 


the password is identical on both switches and the snitches are trunked. 
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Task 7 

Configure Loopback and Loopback I interfaces on Cat-1, use the IP address of 1.1 
/8 and 11.1.1.1 .8 respectively and ensure that ONLY the 1 P address of Loopback I 
interface is used as the preferred source for the VTP IP updatcr address. 



Note in the previous Task when the "show vtp status" command was entered on 
Cat-1, the last line of the output displayed "no valid interlace found'". 
Catalyst switches will use the IP address of the lowest physical interface number, 
if one does not exist, then loop hack interface will he used as the source of all 
VTP messages, but this behavior can be change by using the "VTP interface 
Loopback 1'" global con fig command. 

On Cat-1 



Cat- l(ODnfig)# Interface Loopback 

Cat- l(config-it> lp address I . I . I . I 255.0.0.0 

Cat- 1 ( con %)# Interface Loopback I 

Cat- l(conng-ii)# lp address 11.1.1.1 255.0.0.0 

Cat- If* Show vtp status 

VTP Version : 2 

Configuration Revision : 3 

Maximum VLANs supported locally : 1005 

Number of existing VLANs : 8 

VTP Operating Mode : Server 

V TP D o mai n N amc : C C 1 E 

VTP Paining Mode : Disabled 

VTP V2 Mode : Disabled 

VTP Traps Generation : Disabled 

MD5 digest : 0x97 0x9D OxFl 0xF9 OxFE 0x21 OxCC Ox ID 

Configuration last modified by 0.0.0.0 at 3-1-93 00:06: 1 I 

Local updatcr ID is 1.1.1.1 on interface LoO (first Iayer3 interface found) 

Note Loopback (I is used as the source of all VTP messages. Enter the following 
command to change the source to Loopback 1 interface: 

Cat-1 (co n%)# Vtp interface l.oopbackl ONLY 

Note the "ONLY" argument makes this interface mandatory. YOU MUST 
TYPE LOOPBACK1 OR LOl, OR ELSE IT WILL NOT WORK, the 1 OS will 
take LI but it WILL NOT WORK. 
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To verify the configuration: 

On Cat-1 

Cat-l#Show vtp status 

VTP Version : 2 

Configuration Revision : 3 

Maximum VLANs supported locally : 1005 

X u mb cr a 1* c x ist ing V LAX s : 8 

VTP Operating Mode : Server 

V TP Do mai n X amc : C C 1 E 

VTP Paining Mode : Disabled 

VTP V2 Mode : Disabled 

VTP Traps Generation : Disabled 

MD5 digest : 0x97 0x9D OxFl 0xF9 OxFE 0x21 OxCC 0x1 D 

Configuration last modified by 0.0.0.0 at 3-1-93 00: 1 8:54 

Local updater ID is 11.1.1.1 on interlace Lol (preferred interlace) 

Preferred interlace name is loopbackl (mandatory) 

On Cat -2 

Cat-2r*Show vtp status 

VTP Version : 2 

Configuration Revision : 3 

Maximum VLANs supported locally : 1005 

Xumbcr of existing VLAXs :8 

VTP Operating Mode : Client 

VTP Do mai n Name : C C 1 E 

VTP Paining Mode : Disabled 

VTP V2 Mode : Disabled 

VTP Traps Generation : Disabled 

MD5 digest : 0x97 0x9D OxF 1 0xF9 OxFE 0x21 OxCC 0x1 D 

Configuration last modified by ().(!.(».» at 3-1-93 (10:22:29 

Note this change has not been propagated, therefore, to force the propagation of 
this change, a VLAN is created, in this case VLAN 80, so you can see that the 
change was made by the Loophack 1 interface with an IP address of 11.1.1.1 on 
Cat-2. This VLAN should be deleted before proceeding to the next task. 

On Cat-1 
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Cat.](con%)#Vlan 80 








Cat- l(con%-vlan)f#Exit 








To verify the configuration: 








On Cat-2 








Cat-2#ShDwvtp status 








VTP Version 


2 






Configuration Revision 


:4 






Maximum VLANs supported locally 


: 1005 






Number of existing VLANs 


:9 






VTP Operating Mode 


: Client 






VTP Domain Name 


:CC1E 






VTP Paining Mode 


: Disabled 






VTP V2 Mode 


: Disabled 






VTP Traps Cicncration 


: Disabled 






MD5 digest 


: 0x02 0x05 


cm: 


0x34 OxFO OxCO 0x35 0x9D 


Configuration last modi lied by 11.1 


.1.1 at 3-1-93 00:34:33 


On Cat-1 








Cat- l(conng')#No vlan 80 









Task 8 

Re-configure the trunk between the two switches such that none of these switches use 
DTP to negotiate this trunk. 



On Both Switches 

(config^ntcrfacc range F0 1 9-20 
(config-if-range)#Switchport nonegotiatc 

Note the ports must be in trunk mode before the "nonegotiate" command is entered, 
or else the following error message will be received: 

Command rejected: Conflict between 'nonegotiate' and 'dynamic' status. 
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A poil can be configured as follows: 

Sialic Access - This port can belong to ONLY one VLAN, and it's manually 
assigned to a given VLAN. 

Trunk - A trunk port by default is member of all normal range VLANs 1-1(1(15 (but 
note that VLANs 1, 10(12 - 1(1(15 are automatically created and can not be removed, 
onlj 2 to ll'DI can be niantialh created, these VLANs are kept in the VI.AN.DAT). 

This also includes the extended-range VLANs (1(106 - 4094), and this membership 
can be limited by configuring the "alltwed-vlan " command. This poil can be 
encapsulated by ISL or tagged by 802. lq. 

Dynamic Access — A dynamic access port can only be a member of one normal 
VLAN, and these ports are dynamically assigned to a given VLAN by a VMPS. 

Voice VLAN - This is an access port connected to an IP phone such as Cisco's 7960, 
and this VLAN is used for Voice traffic. 

Pot lu -Tunnel — These are tunnel ports and are used for 8(12. lq tunneling to 

maintain customer VLAN integrity across a service providers network. A tunnel 
port is configured on an edge switch in the service providers network and it's 
connected to an 802. lq trunk port on a customer snitch's interface, a tunnel port 
belongs to a single VLAN that is dedicated to tunneling. 

'I'o vL'rifv thf eonfiauratiini: 

On Cat-1 

Cat- l#Sh interfaces It) 1 9 switchport 

Name: FaO/19 
Switchport: Enabled 
Administrative Mode: trunk 
Operational Mode: trunk 
Administrative Trunking Encapsulation: isl 
Operational Trunking Encapsulation: isl 
Negotiation of Trunking: Off 
i The rest of the output is omitted) 

Cat-lr*Sh interfaces ft) 20 switchport 

Name: FaO 20 
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Switchport: Enabled 

Administrative Mode: trunk 

Operational Mode: trunk 

Administrative Trunk ing Encapsulation: isl 

Operational T run king Eneapsulation: isl 

Negotiation oI'Trunking: Off 

i The rest of the output is omitted/ 



Task 9 

Configure the switches such that Hooded traffic is restricted to the trunk links that the 
traffic must use to reach the destination device. 



To see the default setting: 














On Cal-2 














Cat-2#Show vtp status 














VTP Version 


; 


: 










Configuration Revision 




5 










Maximum VLANs supporter 


locally 


: 1005 










Number of exist ing VLANs 




8 










VTP Operating Mode 




: Client 










VTP Domain Name 




:CC1E 










VTP Pruning Mode 




: Disabled*— _ 










VTP V2 Mode 




: Disabled 




Prun 


is 


s disabled 


VTP Traps Generation 




: Disabled 










MD5 digest 




: 0x97 0x9D OxFl 


0xF9 OxFE 0x2 


10s 


CC 0x1 D 


Configuration last modified by 11.1.1 


. 1 at 3-1-93 00: 12 


48 








Note \TP Pinning is disabled by default, enter the follow in 


1 command to enable 


VTP pruning: 














On Cat-1 














Cat-l#Vtp pruning 














This command can be conli 


gured in privilege mode. 


Global 


con fig ]i 


odt 


, and/or in 


the Vlan database. Once th 


s feature is enabled it ni 


1 uet pi 


opauated to 


the other 
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switches within the VTP domain. 

To verify the configuration on both switches: 

On Cat-2 

Cat-2*Show vtp status 

VTP Version : 2 

Conligurution Re\ :s:on : 5 

Maximum VLANs supported locally : 1005 

Number ofcxisting VLANs : 8 

VTP Operating Mode : Client 

VTP Domain Name : CC1E 

VTP Pruning Mode : Enabled 

VTP V2 Mode : Disabled 

VTP Traps Generation : Disabled 

MD5 digest : 0x97 0x9D OxF 1 0xF9 OxFE 0x21 OxC C 0x1 D 

Configuration last modified by I I . I . I . I at 3-1-93 00:12:48 

Note \TP messages propagate the change through the entire VTP domain. 



Task 10 

Configure Cat- 1 and Cat-2 such that only the trunk ports ( F0T 9 and Ffl'20) and the ports 
that routers Rl to R6 arc connected arc in use, the rest of the ports should be configured 
in administratively down state 



On Both Switches: 

(cnfigplnt range ffi'7-18 , F0 23-24 
( co nfig- i t-rangc)# S hu t 



To verify the configuration: 



On Cat-1 



Cat- 1#S||DW inter status Inc disab.c 



FaO/7 disabled I auto auto 10 1 OOBascTX 
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FaO/8 


disabled 


auto 


auto 


10/ 100BaseTX 


FaO/9 


disabled 


auto 


auto 


10 100BaseTX 


FaD/10 


disabled 


auto 


auto 


10 1 OOBascTX 


FaQ/1 1 


disabled 


auto 


auto 


10/ 100BaseTX 


FaO/12 


disabled 


auto 


auto 


10/ 100BaseTX 


FaD/13 


disabled 


auto 


auto 


10 100BaseTX 


FaO/14 


disabled 


auto 


auto 


10. 100BaseTX 


FaO/15 


disabled 


auto 


auto 


10/ 100BaseTX 


FaD/16 


disabled 


auto 


auto 


10/1 OOBascTX 


FaQ/17 


disabled 


auto 


auto 


10 100BaseTX 


FaQ/1 8 


disabled 


auto 


auto 


10. 100BaseTX 


FaO/21 


disabled 


auto 


auto 


10/ 100BaseTX 


FaO/22 


disabled 


auto 


auto 


10/1 OOBascTX 


FaO 23 


disabled 


auto 


auto 


10 100BaseTX 


FaO/24 


disabled 


[ auto 


auto 


10 100BaseTX 



Task I I 

Ensure that Cat-] is the root bridge for the VLANs 12, 34 and Cat -2 is the root bridge for 
VLAX 56. Do XOT use the "priority" command to accomplish this task. 



There are two commands that 


can be used to d 


i splay the BID for a 


given switch: 


> 


Show version 












> 


Show spanning-l 


ree bridge 










On Cat-1 














Cat- 1 "Show- 


version 1 Inc Base 












Base cthcrnct MAC Address 


:00:1B:D4:59:A6:00 








The follow in 


g command revea 


s the base MAC 


address 


of the 


swit 


L'h: The BID is a 


combination 


of priority and th 


e base MAC address. 








Cat- [#Skjw 


spanning- tree bridg 


j 


Hello 


Max 


Fwd 




Vlan 


Bridge ID 


Time 


Age 


Dly 


Protocol 


VLAX0001 


32769 (32768, 


1) 001b. d4 59. a 


600 2 


20 


15 


iccc 


VLAN00I2 


32780 (32768, 


12)001b.d459.a 


600 2 


20 


15 


1CCC 
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VLAN0034 32802 (32768, 34) 001b.d459.a600 2 20 15 iccc 

VLAN0056 32824(32768, 56) (I01b.d459.a600 2 20 \5 iccc 

Note the priority starts with 32768, each VLAN that is created adds it's VLA\ number to 
the default priurity value (If the base priority and the VLAN number is added within the 
parenthesis, the sum will be the priority for that given VLAN), VLAN 12 adds 12 to the 
default priority value therefore the priority is 3278(1 and VLAN 34 adds 34 to the default 
priority value, therefore, the priority is 32802. Note that the MAC is the base MAC address 
and it remains the same, in this case (001b.d459.a600). 
Note your MAC address maybe different. 

Enter the following command to reveal the BID and the mot bridge for a given VLAN: 

On Cat-1 

Cat- l"Sho\v spanning- tree vlan 12 

VLANOO i 2 
Spanning tree enabled protocol iccc X The MAC address of the root bridge 

Root ID Priority 32780 ^X 

Address 001 l.hheh.8780 

Com I 1 -) 

Port 21 (FastEthcrnctQ'19) 

Hello Time 2 sec Max Age 20 sec Forward Delay 1 5 sec 

Bridge ID Priority 32780 (priority 32768 sys-id-cxt 12) 
Address 001b.d459.a600 

Hello Time 2 sec Max AgciTKsec Forward Delay 15 sec 
Aging Time 300 ^\ 



""'•■ The .Mliu LiddruHH ol' I lie local Hivilcii 
Interface Role Sts Cost Prio.NbrTypc 

FaO. 19 Root FWD 19 128.21 P2p 

Fa0/20 Altn BLK 19 128.22 P2p 

Enter the following commands to configure Cat-1 to be the root bridge for VLANs 12 and 
34: 

On Cat-1 

Cat- 1 ( co nlig)f*S panning -tree vlan 12,34 root primary 

The above command configures Cat-1 to be the root for VLANs 12 and 34: the "root" 
keyword is a macro that reduces the BID of the switch for a given VLAN by a value of 81 92 
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(The lower value is the preferred value). There are no spaces between the 12 and the comma 
and the 34. 

Cat- L#SjffljW spanning-trcc v.an 1 2 

YLAX0012 Note 32768+12-8192 = 24588 

Spanning tree cnabxd protocoj-ifcee 
Rcx.it ID Priority 24588 ' 

Address 001b.d459.a600 

This bridge is the mot 

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec 

B ridge 1 D P ri o r i ty 24 5 8 8 (p rio rity 24 5 7 6 sy s- id -cxt 1 2 ) 
Address 00lb.d459.a600 

Hclk) Time 2 sec Max Age 20 sec Forward Delay 15 sec 
Aging Time 300 

Interface Role Sts Cost PrioJNbr Type 

FaD/19 DcsgF\VD19 128.21 P2p 

FaO/20 Dcsg FWD 1 9 128.22 P2p 

On Cat-2 

Cat-2(contig)mrSpanning-tree vlan 56 root primary 
To verify the configuration: 

On Cat-2 

Cat-2#Show spanning vlan 56 

VLAN0O56 

Spanning tree enabled protocol iccc 
Root ID Priority 24632 

Address 001 l.bbeb. 8780 

This bridge is the root 

Hello Time 2 sec Max Age 20 sec Forward Delay 1 5 sec 

Bridge ID Priority 24632 (priority 24576 sys-id-cxt 56) 
Address 0011.bbeb.8780 

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec 
Aging Time 300 
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] ntcrtacc Ro \c Sts Co st Prio . N br Typ e 

FaD .19 DcsgF\VD!9 128.21 P2p 

FaO/20 Dcsg FWD 19 128.22 P2p 



Task 12 

Cat- 1 should be configured such that the ports that routers Rl to R6 arc connected will 
bypass listcningand learning state If any of these ports receive BPDL' packets, they 
should transition into crrdisablc state. Use minimum number of commands to accomplish 
this task. This configuration should only be applied to the ports that the routers Rl - R6 
arc connected to as well as any future port that has this feature enabled. 



On Cat-1 

Cat- l(config)#Spanning-lree portfast bpduguard default 

C at- 1 (con tig )#1 ntcrtacc range FO'l - 6 
Cat- l(conflg-if)#Spanning-trcc port fast 

Once the "Spanning- tree portfast'" command is entered you should see the following 
warning message: 

%Warnlng: portfast should only be enabled on ports connected to a single 
host. Connecting hubs, concentrators, switches, bridges, etc... to this Interface when 
portfast is enabled, can cause temporaiy bridging loops. 
Use with C ALT! ON 

%Portfast will be configured in 6 interfaces due to the range command 
but will only have effect when the interfaces are in a nan-trimking mode. 

The " spa nning-tree portfast bpdu guard default"" command in global con fig mode 
will shut the port down in err-disable mode if any portfast enabled port receives 
BPDU packets. 

To verify the configuration: 



On Cat-1 



Cat-lftSh spanning-trcc interface ft) ''I portfast 
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VLAN0012 enabled 

Note if the output of the above show command states "no spanning tree info 
available for FastEthernelO/1", it only means that the FO'U interface of Rl is in 

Shutdov>n mode. 

To test the configuration: 

On SW2 

Cat-2i'conlig)#spanning-tree portfast hpdu guard default 

Cat-2(conlig)#int 10/23 
Cat-2(config-if)#swi mode ace 
Cat-2(contig-it)r ! spanning-ti"ee portfast 
Cat-2('conng-if)*\o shut 

Note if the 111/23 interface of Switch 3 is enabled, it will generate RPDUs and because 
of this configuration, F0/23 interface of SVV-2 will transition into err-disable mode, 
as follows: 

On Switch 3 

Switch(config)#int 111/23 
Swifcch(oonfig-if)#NO shut 

On Cat-2 

Villi should seethe following messages: 

l} ASPANTREE-2-BLOCK_BPDUGUA RD: Received BPDU on port FastEthernetO/23 
with BPDU Guard enabled. Disabling port. 

%PM-4-ERR_D!SABLE: hpduguard error detected on FaO/23, putting FaO/23 in err- 
disable state 

To verify that inter tit ci 1 fu723 is in err- disable mode: 

On Cat-2 

Cat-2*Sh inter It) 23 status 

Port Name Status Man Duplex Speed Type 

Fad 23 err-disablcd I auto auto 1 6 ■' 100BaseTX 
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To change the configuration back: 

On Cat-2 

C at -2( con %)#>"() spa lining -tree port fast bpdu guard default 

Cat-2(config)#int ffi'23 

Cat-2(config-if)#Shut 

Cat-2(config-if)#NO spanning-tree portfast 



Task 13 

Cat-2 should be configured such that the ports that routers Rl to R6 arc connected (FO.'l - 
FO/6) will bypass listening and learning state. If any of these ports receive BPDL" packets, 
they should no longer bypass their listening and learning state. This configuration should 
apply to existing and future ports that arc configured as portfast. 



On Cat-2 

Cat-2(config)r*Spaiining-tree portfast bpdufiltLT default 

Cat-2(config)#lntcrfacc range FO.'l - 6 
Cat-2(config-if)r ! Spann.ing-tree portfast 

When BPDl Filter is enabled globally, it will apply to all portfast enabled interfaces: 
If any portfast enabled interface receives BPDLs, it will bypass listening and 
learning state, \\hich means that it will loose it's portfast state. 



Task 14 

You received a request from the IT department to monitor and ana'.yzc all the packets 
sent and received by the host connected to port FQ 1 4 on Cat- 1 : yo u have connected the 
packet analyzer to port FO 15 on the same switch. Configure the switch to accommodate 
this request. 



On Cat-1 
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Cat- I(conng)#monitor session 1 source interface FQ/14 both 
Cat- 1 ( co n fig) ** monitor session 1 destination interface FUfc'TS 

Note the following: 

> 'There can only be rwa monitor sessions configured on a given switch 

> Their direction tcj monitor can be configured as Rx, Tx, or Both, Rx is 
for received traffic, Tx is for Transmitted traffic, and both is in both 
directions. Both is the default direction.. 

> To verify Enter the "Show monitor session 1" command. 

To verily the configuration: 



On Cat-1 



Cat- l#Show monitor session 1 



Session 



Type : Local Session 

Source Ports : 

Both : FaO/14 

Destination Porte : Fat).' 15 

Encapsulation : Native 
Ingress : Disabled 



Task 15 

You received another request from your IT department to keep track of all the MAC 
addresses that arc learned by Cat-2 port FO. 1 8. The switch must use the WIS located at 
192. 168. 1. 1 .'24: this switch should send a community string of "Private" with the 
notification operation. You should use an IP address of 2.2.2.2 .'8 to accomplish this task. 



On Cat-2 

Cat-2(conng)nSnmp- server host 192.168.1.1 traps Private 

%lP_SNMP-3-SOCKET: can't open UDP socket 

Unable to open socket on port 161 

Note since this suitch is not configured with an IP address, it will fail to configure 
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the Srtmp server. Therefore, an IP address should he eon figured he lb re entering the 
"snmp-server'" command as follows: 

Cat-2(config)#lnt IflQ 
Cat-2(config-ii>«p addr 22,2.2 255.0.0.0 

The following command identifies he N.MS and sends a community string of Private 
with the notification operation. 

Cat-2(config)#snmp- server host 192.168.1.1 traps Private 

The following command configures the switch to send mac- address traps to the 
VMS: 

C at - 2( co n fig )~ snmp-server enable traps mac-notification 

Cat-2(config)#lntcr ffl/18 

Cat-2(config-if)#snmp trap mac-notification added 

The above command enables the SNMP trap on interface F0T8 and configures the 
switch to send MAC notification traps whenever a MAC- address is added. If the 
switch must be configured to report the MAC addresses that are learnt and expired, 
then " snmp trap mac-notification change removed" command must also he 
configured. 

To verify the configuration: 

On Cat-2 

Cat-2#Sho\v mac -address-table notification inter it).' 18 

MAC Notification Feature is Disabled on the switch 
Interface MAC Added Trap MAC Removed Trap 

FastEthcrnctO/18 Enabled Disabled 

Note the mac-notification is disabled, the following command will enable the mac- 
notiilcation on the switch: 

Cat-2(config)#mae address-table notification 

To verify the configuration: 
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On Cat-2 

Cat-2#Show mac-addrcss-tablc notification interface FO 18 

MAC Notification Feature is Enabled on the switch 
Interface MAC Added Trap MAC Removed Trap 

FastEthcrnctOlS Enabled Disabled 



Task 16 

Configure Cat-2's port FQ'14 to limit the amount of bandwidth utilization for broadcast 
traffic to 50%, 



On Cat-2 

C at -2( con fig ^Interface FO' 1 4 
Cat-2(config-if)r ! Slorm-eontrol broadcast level 50.0(1 

Storm-control can be used lor Broadcast, Unicast and Multicast traffic, this 
command specifies traffic suppression level for a given type of traffic for a 
particular interface. The level can be from to 1(10 and an optional fraction of a 
level can also be configured from (I — 99. A threshold value of 100 percent means 
that no limit is placed for the specified type of traffic: a value of 0.(1 means that the 
particular type of traffic is blocked all together. 

On 3550 switches v>3iuni lire rale- o I' Multicast traffic exceeds a predefined tlircshokL 
all incoming traffic ('Broadcast. Multicast and t.nicaslf is dropped until tire level of 
Multicast traffic is dropped behm the threshold level.. Once this occurs, onh the 
Spanning- tree packets are foruarded. When Broadcast or Unicast thresholds are 
exceeded, traffic is blocked for only the type of traffic that exceeded the threshold. 

To verify the configuration: 

On Cat-2 

Cat -2^ Show storm- control fll'14 broadcast 

Interface Filter State Upper Lower Current 
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Fat).' 14 Forwarding 50.00% 50.00% 0.00% 

If you get "Link Down" as Filter State, the port might he down. 






Task 17 

Mac addresses learnt dynamically by these two switches should not stay in the MAC 
address table if they arc inactive ibr longer than 10 minutes. 






By default the .MAC addresses that are inactive will expire within 300 seconds, this 
task is asking for a 10 minutes threshold, 10 minutes equates to 600 seconds: the 
following command sets the idle timer to 10 minutes: 

On Both Switches 

(config)#Mac address-tahle aging- time 600 

To verify the configuration: 

On Both Switches 

#Sh mac address- tabic aging- time 
Vlan Aging Time 




1 600 
12 600 
34 600 
56 600 




Task IS 

For management purposes, assign an IP address of 10.1.1.11 24 to Cat-1. with a default 
gateway of 10.1. 1.100 ;24. 






On Cat-I 




cc 
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Cat- l(config)?*Inler Man 1 

C at- 1 ( co n%-it>]p address 10.1.1.1 1 255.255.255.0 

Cat-l(config-il)r*Xo shut 

Cat- l(config)#lp default-gateway 10.1, 1. 100 
To verify the eonfig uratiuro: 

On Cat-1 

Cat-l*Sh ip interlace vlan 1 

Vlanl is up t line protocol is up 

Interne! address is 1(1.1. 1.1 1/24 

Broadcast address is 255.255.255.255 

Address determined by setup command 
{The rest of the output is omitted) 

Cat- InSh ip route 

Default gateway is 10.1.1.100 

Host Gateway Last Use Total Uses Interlace 

1CMP redirect cache is empty 



Task 19 

Configure routers Rl and R3 using the following IP addresses: 

> Rl - F0/0 = 10.1.12.1/24 

> R3-FO'0= 10.1.34.3 ..24 

Configure Cat- 1 to route between VLAX \1 and 34, use ping to \crA\ the 
communication. The gateway for VLAX 12 should be configured to be 10.1.12.1 DO, and 
the gateway lor V LAX 34 should be configured to be 10.1.34.100. 



On Kl 

RlfconfigWntcrtacc FO/0 

Rl(config-il>]p address 1 0. 1 . 



2.1 255.255.255.0 
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R 1 (con fig- il>No shut 

Rl(config)#Ip route 0.0.0.0 0.0.0.0 10.1. 12.100 

On K3 

R3(config)#Interfe<« FO/0 

R3(config-il>lp address 10.1.34.3 255.255255.0 

R3(config-if)#No shut 

R3(config)#]p route 0.0.0.0 0.0.0.0 10.1.34.100 

On Cat-1 

Cat- l(cOnfig)#Ip routing 

Cat- 1 (co n fig )#1 n tcrfac c V Ian 1 2 

Cat-l(con%-il>lp address 10.1.12.100 255.255.255.0 

Cat- I (conng)#In tcrfac c Vlan 34 

Cat- 1 ( co n fig- i fl#l p add rcss 10.1.34.100 25 5.255255.0 

A Switch ViftUSl Interface (SVI) represents a VLA.\ of snitch ports as one 
interface to the routing. Only one SVI can be associated with a VLAN. This is 
necessary when configuring InterVlan routing. 

When creating an SVI for a VLAN, the desgnated number must match the 
VLAN number. 

To verify the configuration: 
On Kl 



Rl sPing 10.1.34.3 

Type escape sequence to abort. 

Sending 5 r 100-bytclCMP Echo s to 10.1.34.3, timeout is 2 seconds: 


Success rate is 100 percent (5/5), round-trip min/avg max = 1/24 ms 
On 1*3 

R3#Ping 10.1.12.1 
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Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 10. 1.12.1, timeout is 2 seconds: 

| MM 

Success rate is 100 percent (5/5), round-trip min.'avg'max = 1/2/4 ms 

Note By default, IP routing is disabled on the switch and if the "IP Routing"" 
command is NOT enabled on Cat-1, the communication between Rl and R3 
can NOT occur. 



Task 20 

Remove the configuration from the previous step and configure IntcrVlan routing 
between YLANs 12 and 34. DC) NOT use SVlsto accomplish this task. F0 1 interlace of 
any router can be used to accomplish this task. Use the IP addressing from the previous 
task. Ensure to use an industry standard protocol's to accomplish this task. 



Since R5's Ftt is part of V LAN 56, R5*s Ffl/1 is used to accomplish this task. 

On Cat- 1 

Cat-l(config')#NO Interface Man 12 
Cat-l(conlig)^NO Interface Vlan 34 

On Cat-2 

Cat-2(coniig)#Intcrfacc F0 5 
Cat-2(config-if)#Switchport tmnk encap Dotlq 
Cat-2(conlig-il)rrSwitchport mode trunk 

On K5 

R5i;config)#]nterlacc FO/1 
R5(config-if)#No shut 

R5(config)#Int fflb'1.12 

R5fconl1g-il>Encap dotlq 12 

R5(config-if)f#lp address 1 0. 1 . 12. 100 255255.255.0 

R5(config)#Int ffl/1.34 

R5 (con fig- if)#E neap dotlq 34 

R5(config-if>]p address 1 0. 1 .34. 100 255255.255.0 
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To verify the configuration: 

On Rl & R3 
Rl#Cleararp 

On Rl 

Rl#Ping 10.1.34.3 

Type escape sequence to abort. 

Sending 5, 100-bytcICMP Echo b to 10.1.34.3, timeout is 2 seconds: 
i nu 

Success rate is 100 percent (5/5), round-trip rnin/avg'max = 1/1/4 ms 

On R3 

R3*Ping 10.1.12.1 

Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echos to 10. 1. 12. 1, timeout is 2 seconds: 

Success rate is 100 percent (5/5), round-trip min.'avg'max = 1/2/4 ms 



Task 21 

Configure Cat- 1 such that whenever the switch learns or removes a MAC address on its 
port FO/4, an SNMP notification is generated and sent to the WIS located at 192.1 68.1.1 
with a community string of CAT I . Since there arc many users coming and going from the 
network, set up a trap interval time to bundle the notification traps and reduce network 
traffic using the following parameters: 

> The traps should be generated every 30 minutes. 

> The trap should contain a maximum of 1 50 entries. 



This feature enables us to track users tin a network by storing the Mac address 
activity on the switch. Once configured, every time a MAC address is learned 
or removed an S\MP notification is generated and sent to the NMS. On a very 
busy network when lots of users come and go, the default behavior is that an 
SNMP trap is sent every second. Because this can consume bandwidth, there 
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are two parameters that can be configured to remedy this situation and they 
ail! as follows-: 

'r Mac address- table notification interval - This value specifics the 
notification trap interval in seconds between each set of traps that arc 
generated to the WIS. Default value is one second > and the range is — 
2,147,483,647 seconds. 

P Mac address-table notification history-size — Specifics the maximum 

number of entries in the MAC notification history table. The default value is 
1 , and the range is 1 — 500 entries. 

On Cat- 1 

Cat- 1 ( con fig )#Snmp- server host 192. 168. 1.1 traps CAT I 
C at- 1 ( co nfig)ffSnmp- server enable traps mac -notification 
Cat- l(config)#Mac-addrcss-tablc notification 
Cat- 1 (con fig )#Mac -address-table notification interval 1800 
Cat- l(config)#Mac-addrcss-tablc notification history-size 150 

Cat-l(config')#]ntf0/4 

Cat-l(config-if)ffSnmp trap mac-notification added 

Cat- I(conlig-if)ffSnmp trap mac -notification removed 

To verify the configuration: 



On Cat -I 

Cat- Iff Show mac -ad dress-table notification interface f0'4 

MAC Notification Feature is Enabled on the switch 

Interface MAC Added Trap MAC Removed Trap 

FastEthcrnctOTS Enabled Enabled 

Cat- Iff Show mac -address-table notification 

MAC Notification Feature is Enabled on the switch 

Interval between Notification Traps : 18(1(1 sees 
Number of MAC Addresses Added : 
Number of MAC Addresses Removed : 
Number of Notifications sent to NMS : 
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Maximum Number of entries configured in History Table : 150 

Current History Tabic Length : 
MAC Notification Traps arc Enabled 
History Table contents 



To verify the configuration: 



On K4 

R4(config)#int ffl/0 

R4(config-if>lP address 4.4.4.4 255.0.0.0 

R4(config-if)r# no shut 

R4*Ping 1.1.1.1 

Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echos to 3.3.3.3, timeout is 2 seconds: 

Success rate is (I percent (0/5) 

Note the purpose of the above configuration is to generate some traffic. The 
folio wing Shim command reveals that one MAC address was learned and 
added to the table. 

On SW I 

Cat-l"Sh mac- ad dress- table notification 

MAC Notification Feature is Enabled on the switch 

Interval between Notification Traps : 1 800 sees 

Number of MAC Addresses Added : 1 

Number of MAC Addresses Removed : 

Number of Notifications sent to NMS : 

Maximum Number of entries configured in History Table : 150 

Current History Table Length : 

MAC Notification Traps arc Enabled 

History Table contents 



On R4 



R4(config)#int ffl/0 
R4fconfie-itVShut 



CCIE R&S b* Narbik Kuirharians 



Ad* ancLd CCIE R&S Work Book 2.0 

C 2009 Varbik Kucha rianx All righb reserved 



Page 11 4 of 1068 













The output of the following show command reveals that one MAC address was 
removed. 

On Cat-I 

Cat-l#Sh mac- ad dress- tabic notification 

MAC Notification Feature is Enabled on the switch 

Interval between Notification Traps : 1800 sees 

Number of MAC Addresses Added : 1 

Number of MAC Addresses Removed : 1 

Number of Notifications sent to NMS : 

Maximum Number of entries configured in History Tabic : 150 

Current History Table Length : 

MAC Notification Traps arc Enabled 

History Tabic contents 








Task 22 

Optimize Cat-1 using the lb Ho wing policies: 

Cat- 1 should be configured such that its memory resources arc optimized for routing. 








Switch database management (SDM) are templates that can be configured to 
allocate memory resources in the switch for a specific feature depending on what the 
switch is used for in a given network. 
A switch can be configured to use one of the following templates: 

> A c c es s — L" scd for QO S c la ssi ficat io n and Sec uri ty. 

> Routing — Used for routing 

'r Vlan — Disables routing and sets the switch to be a layer 2 switch. 

> Extended-match — reformats routing memory space to allow 144-bit layer 3 
TCAM support needed for WCCP and/or multiple VR.F instances. 

On Cat-1 

Cat- l(config)#Sdm prefer routing 

You must reboot for these settings to take effect. 

Cat-1#WR 
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Cat- l#Rebad 






In Verify the configuration alter the rein 


dd: 




On Cat-1 




Cut- l#Show sdm prefer 






The current template is "desktop routing" template. 






The selected template optimizes the resources in 






the switch to support this level of features for 






8 routed interfaces and 1024 VLAN's. 






number of unicast mac addresses: 


3K 




number of IPv4 1GMP groups - multicast routes: 


IK 




number of IPv4 unicast routes: 


UK 




number of directly-connected IPv4 hosts: 


3K 




number of indirect IPv4 routes: 


8K 




number of IPv4 policy based routing aces: 


512 




number of 1 Pv4'\i AC qo s aces: 


512 




number of IPv4/M AC security aces: 


IK 




On Cat-2 






Cat-2#Sh sdm prefer 






The current template is "desktop default" template. 






The selected template optimizes the resources in 






the switch to support this level of features for 






8 routed interfaces and 1024 VLANs. 






number of unicast mac addresses: 


6K 




number of IPv4 1GMP groups- multicast routes: 


IK 




number of IPv4 unicast routes: 


8K 




number of directly-connected IPv4 hosts: 


6K 




n u mbcr o f ind irec 1 1 P v4 ro ut cs: 


2K 




number of IPv4 policy based routing aces: 







number ofIPv4/MAC qos aces: 


512 




number oflPv4/\lAC security aces: 


IK 




Note, the difference in memory allocation is revealed if the buffer 


allocation of Cat-2 


is compared to the Cat-1. 
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Task 23 

Create VLANs 30, 31 and 32 on Cat-1 and ensure that these VLANs can not traverse the 
trunk link between Cat- 1 and Cat-2. 



B\ default a trunk port sends and receives traffic from all VLANs, however, a given 
VLAN or VLANs can foe removed from the trunk link in order to prevent traffic from 
that VLAN/s from traversing over the trunk. 

On Cat-1 



Cat- l(config)#Vlan 30-32 
Cat- ](config-vlan)#cxit 

Before configuring the task we have to check to see if the VLANs that we just created 
can traverse the trunk link. 

Cat- l#Show interface trunk 

Port Mode Encapsulation Status Native vlan 

.'19 on isl trunk ing 1 

.'20 on isl trunk ing 1 

Po rt V Ian s al lowed o n t r u nk 
Fall.' 19 1-4094 
FaO/20 1-4094 

Port Vlans allowed and active in management domain 
FaO.I9 1,12,30-32,34,56 

Fa0/20 1,12,30-32,34,56 

Port Vlans in spanning tree forwarding state and not pruned 
FaO 19 LI 2,34,56 
)/20 1 



To remote those VLANs from tliL 1 trunk links: 

On Both Switches 

(coniig)#]ntcrfacc range ft) 1 9-20 

(coniig-if-rangc)"Switchpoi1 trunk allowed vlan except 30,3132 

Note if an EtherChannel wag created, the command had to he configured directly 
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under the port -channel interface. 
To Verify the configuration: 

On Cat-1 

Cat- l#Show int trunk 

Port Mode Encapsulation Status Native vlan 

FaO.'l on isl trunking 1 

FaO 20 on isl trunking I 

Port Vlans allowed on trunk 

FaO/ 19 1-29 J3-4094 - Note VLANs 311 - 32 are removed from the trunk 

FaO/20 1-2933-4(194 

Port Vlans allowed and active in management domain 
FaG/19 1,12,34,56 
FaO/20 1,12,34,56 

Port Vlans in spanning tree forwarding state and not pruned 
FaO 19 1,12,34,56 
)/20 1 



Note the options that can he used with "Switchport trunk alkmed VLAN'" command 
are: Remove, add, all, and except. 

The " Swilchport trunk allowed vlan remove 30,31,32" command could accomplish the 
same task. 



Task 24 

Configure Cut- 1 : .s port F0 If and FO 16 such that when client PCs connect to these ports. 
they automatically become member of a given VLAN. Cat-1 should be configured to use 
1 0. 1.1. 1 as the primary and 10. 1 . 1 .2 as the secondary V MPS server. Ensure that the local 
switch reconfirms the VLAN membership every half hour and if the VMPS can not be 
contacted, the local switch will retry 5 times before considering the VMPS unavailable. 



VMPS: 



> The 3550 switch can't he setup as a VMPS server, but it can he configured as a 
VMPS client. 
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> The client communicates with the VMPS through Vlan Query Protocol (VQP). 

> When a VMPS receives a VQP from the client, it searches its database for a MAC 
to VLAX mapping, and if the mapping is found, it conveys the VLAX information 
to the client and then the client assigns that given VLAX to the port that the client 
is connected to. 

3* The VMPS can operate in Secure mode, which means that if a MAC to VLAX 
mapping can not he found in its database, the VMPS will send a port -shutdown- 
message to the client and the client will shut down that given port, however, if the 
VMPS is not configured in a secure mode, it \*ill send access-deny message, and the 
client will constantly monitor the port and will reject all traffic from that given 
port. 

3* The VMPS client periodically reconfirms the VLAX membership information 

received from the VMPS server. By default this is performed every 60 minutes, this 
interval can be changed using "VMPS reconfirm'" global conlig command. 

> If the VMPS client can't contact the VMPS server, it will retry to establish that 
communication three times and this value can be changed using vmps retry" 
command in the global conlig mode. 

> The database is in form of an ASCII file saved on a I FTP server, which the VMPS 
server accesses. 

On Cat-1 



Before configuring this task we should check some of the default values: 

Cat- 1 * Show vmps 
VQP Client Status: 



VMPS VQP Version: 1 
Rceo n firm Interval: 60 min 

Server Retry Count: 3 
VMPS domain server: 
Reconfirmation status 



VMPS Action: No Dynamic Port 

VMPS VQP version is version 1, and the reconfirmation is at its default value of 60 
minutes, and the retrv value is set to 3. There are no VMPS servers. 
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Cat- ](config')#int range fO/ 1 5 - 16 

Gat- l(contig-if-range)#5\vkehport mode access 

Cat- l(conng-if-range)#s\vitehport access vlan dynamic 

Cat- I(coniig-if-rangc)#rm shut 

The above command sets ports F(fcT5 and F0.T6 to VLAN dynamic, which means that they 
will acquire their \ LAN information dynamically. The "no shut'" command is required 
because these ports were shut down earlier 

Cat- l(conng)#vmps reconfirm 30 
Cat- ](conng)#vmps retry 5 

The above two commands configure the reconfirmation interval to 3(1 minutes and the 
retry counter to S. 

Cat- 1 (contig)#vmps server 10.1.1.1 primary 
Cat- 1 (conng)rTvmps server 1 0.1 .1 .2 

These commands configure the primary and the secondary VMPS servers. 

To verify the configuration: 

On Cat- 1 

Cat- l#Show vmps 
VQP Client Status: 



VMPS VQP Version: 1 
Reconfirm Interval: 30 min 
Server Retry Count: 5 
V M PS do ma in server: 10.1.1.2 

10. 1. 1.1 (primary, current) 
Reconfirmation status 



VMPS Action: N'o Dynamic Port 



Task 25 

Port F0 I 7 on Cat-1 is connected to a Cisco 7960 IP Phone. Voice traffic that originates 
from the phone is tagged with a CoSof 5, 
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A PC is connected to the 7960 IP Phone which is generating traffic with Co S of 3. Ensure 
that the data traffic belongs to VLAN 3 and the Voice traffic belongs to VLAN 5. The 
traffic originated by the 7960 IP Phone should maintain it's CoS value, whereas, the 
traffic that originated from the PC connected to the 7960 IP Phone should be re- writ ten 
with a CoS of 1. 



On Cat-1 

Cat-l(config)#Mls qos 

Cat- 1 (config)#l ntcrfacc FO/ 1 7 
Cat-l(coniig-if)#Switchport access Vlan 3 
Cat-I(config-if)#S witch port voice Vlan 5 
Cat-l(config-if)#Switcrjport priority extend cos 1 
Cat- l(contig-if)rrMls qos trust cos 
Cat- l(config-if)#No shut 

When the phone gets connected to the switch it will form an 8(12. lq trunk link. The 

traffic destined to the PC will be earned in the access VLAN, whereas the traffic 

destined for the "960 IP Phone will he curried in Voice VLAN. 

By default the 3550 doesn't process the CoS value and rewrites all frames with a 

CoS value of 0. To configure the phone such that it processes the CoS values, the 

QOS must he enabled globally using the "mis qos'" command. 

To configure the switch so it trusts the incoming CoS value from the 7960 IP Phone 

the "mis qos trust cos" command is used. 

Since the PC connected to the IP Phone can send traffic to the Phone with any Cos 

value and the phone wants to ensure that the voice traffic that it generates get better 

priority, it overrides the CoS for all traffic that is originated by the 

PC. In this task we have to configure the switch such that it re- writes the traffic with 
a CoS of 1, therefore, the "S\*itchport priority extended cos 1'" command is used. 
The "no shut'" command is required because the port was shut down earlier. 



Task 26 

Configure trunking between Cat- 1 and Cat-2 such that VLAN 12 docs not get tagged 
when the traffic lor this VLAX traverses the trunk. 



Note the I run king encapsulation on the trunk links should have been DOT1Q: in the 
CCIE lab, when configuring a given section, the entire section should be read before 

configuring the individual tasks within that section. 
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When a trunk is configured with Dotlq, it can receive both tagged and untagged 
traffic By default, the switch forwards untagged traffic in the native VLAN ONLY 
[f a given VLAN should NOT he tagged as it traverses the trunk link then, that 
VLAN should he set as the native VLAN. 

When the native VLAN is changed, ensure that the change is configured on both 
snitches or the trunk link will go down. 

On Both Switches 

i;config)#]ntcriacc range FO/19-20 
(con:fig-il-rangc)#S\vitchport trunk encap dotl q 

To Verify the am figuration: 

On Cat- 1 

Cat- l#Shmv int trunk 

Port Mode Encapsulation Status Native vlan 

Full 19 on 802. Iq trunk ing I 

Fa0.20 on 802. Iq trunk ing I 

Port Vlans allowed on trunk 
FaOT9 1-29,33-4094 
Fa0/20 1-29,33-4094 



Port Vlans allowed and active in management domain 
FaO 19 1,3,5,12,34,56 
FaO 20 1,3,5,12,34.56 



Port Vlans in spanning tree forwarding state and not pruned 
FaO 19 1,3,5,12,34,56 
FaO 20 1 

To u on Injure the native VLAN : 

On Both Switches 

( config)#] ntcrfac c range FGV 1 9-20 
(eonlig-if>rangc)^Sw heliport trunk native \ LAN 12 

To verify the configuration: 
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On Cat- 1 








Cat- 1 -Show interlace trunk 








Port Mode Encapsulation Status Native vlan 
FaO/19 on 802. lq tmnking 12 
FaO/20 on 802. lq tmnking 12 








Port Vlan s allowed on trunk 
FaO/19 1-29,33-4094 
FaO/20 1-29,33-4094 








Port Vlans allowed and active in management domain 
FaO/19 1,3,5,12,34,56 

FaO/20 1,3, 5 ,1 2, 34 56 








Port Vlans in spanning tree forwarding state and not pruned 
FaO/19 1,3,5,12,34,56 
FaO/20 1 








On Cat-2 








Cat -2" Show interlace trunk 








Port Mode Encapsulation Status Native vlan 
FaO/5 on 802. lq tmnking I 
FaO/19 on 802. lq tmnking 12 
FaO/20 on 802. lq tmnking 12 








Port Vlans allowed a n trunk 
FaO/5 1-4094 
FaO/19 1-29,33-4094 
FaO/20 1-29,33-4094 








Port Vlans allowed and active in management domain 
FaO/5 1,3,5, 12,30-32,34,56 
FaO/19 1,3,5,12,34,56 
FaO/20 1,3,5,12,34,56 








Port Vlans in spanning tree forwarding state and not pruned 
FaO/5 L3, 5, 12,30-32,34,56 
FaO/19 1,12,34,56 
FaO/20 none 
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Task 27 

The IT department decided to stop monitoring port FO 14 from Task 14, you have 
received a new request to monitor port FO. 14 on Cat- 1 but the protocol analyzer is 
connected to port FO 1 8 on Cat-2. Configure the switches to accommodate this request. 



On Cat-1 

Cat-l(con%)#M) monitor session 1 

Cat-](config')#Vlan90 

C at- 1 ( co n %- v Ian )#R emote- span 

Cat- l(conlig-vlan)#Exit 

The creation of this VLAN can only be done in the global configuration mode, 
because this is the only mode that allows, us to set the VLAN as remote-span. Ensure 
that this VLAN is propagated to Cat-2. 

To vcriiv the configuration: 



On Cat-1: 

Cat- l*Sh vlan brie 

VLAN Name Status Ports 

1 default active FaO/7, FaO'8, FaO 9, FaO; 10 

FaO.'l 1, FaO; 12, FaO; "13, FaO; 14 
FaO/ IS, FaQ/21, FaQ/22, FaO/23 
FaD/24, GiO'L GiO/2 

3 VLAN0003 active FaO; 17 

5 VLAN0005 active FaO; 17 

12 VLAN0012 active Fa0.i ; FaO/2 

30 VLAN0030 active 

31 VLAN0031 active 

32 VLAN0032 active 

34 VLAN0034 active FaO/3, FaO 4 

56 VLAN0056 active FaO/5, FaO/6 

'9(1 VLAN0090 active"*— ■ Ensure that this VLAN is propagated 

i The rest of the output is omitted) to Cat-2 

On Cat-2 



CCIE R&S by NarMk Kuehariaiw Advanced CC1E R&S Work Book 2.0 Page 124 of 1068 

C2009 Narbik KiicIih riant. All rij; h Ij raerved 



Cat-2*Sh vlan brie 




V LAN Name Status Ports 




1 default active FaQ/1, Fa0/2 S Fa0/3 S FaO/4 


Fa0/6 ( Fau77 s Fa0/8 S FaG/9 




FaO/ 1 s FaO/ 1 1 , FaO/ 1 2 , FaO/ 1 3 




Fa0i4, FaO/ 15, FaO/ 16, FaO/ 17 




FaO,i8, FaO/21, FaO/22, FaO/23 




FaO/24, GiO'l, Gi0 2 




3 VLAN0003 active 




5 VLAN0005 active 




12 VLAN0012 active 




30 VLAN0030 active 




31 VLAN0031 active 




32 VLAN0032 active 




34 VLAN0034 active 




56 VLAN0056 active 




90 VL AN () 09 a ct iv e < No te the VLAN is prop ag a ted . 


(The rest of the output is omitted) 




On Cat-! 




Cat- l»Sho\v vlan remote- span 




Remote SPAN VLANs 




90 


On Cat-2 




Cat-2r*Show vlan remote- span 




Remote SPAN VLANs 




90 


Note VLAN 9(1 should be displayed as remote- span on both snitches. 




On Cat-! 




Cat- l(config)#Monitoi" session 1 source interface FO/14 
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Cat-l(coniig)r*Monitor session 1 destination remote vlan 90 
To verify the configuration: 

On Cat- 1 

Cat- If*Sho\v monitor session 1 



Session 1 

Type : Remote Source Session 

Source Ports : 

Both : FaO/14 

Dest RSPAN VLAN : 90 

On Cat-2 

Cat-2(conng)#Monitor session 1 source remote vlan 90 
Cat-2(config)#Moni tor session 1 destination interface Fill/ 18 

Port FO/18 is Where the pro two I analyzer is connected. 

To verify the configuration: 



On Cat-2 



Cat-2#Sh monitor session 1 



Session 1 



Type : Remote Destination Session 

Source RSPAN VLAN : 90 

Destination Ports : FaO/18 

Encapsulation : Native 

Ingress : Disabled 

RSPAN extends SPAN by enabling remote monitoring of multiple switches across your 
network. The traffic for RSPAN traverses over a user defined RSPAN VLAN" (remote 
vlan), in this ease VLAN 90. The SPAN traffic from port F0/14 is reflected to VLAN 90 
(The RSPAN VLAN) and then forwarded over the trunk to port F0'18 an RSPAN 
destination. 
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Task 28 

Configure the hostname of the third switch to be Cat-3, and disable all ports but F0/21- 
22. This Switch should ioin the "CCIE" VTP domain. 



On the third Switch 

Switch(config)#Hostname Cat-3 

Cat-3(coniig)#int range ffl/1 - 20 , F0''23 - 24 
C at- 3( co n tig- i f-range)#S hu t 

Cat-3(config)#vtp domain CCIE 
Cat-3(coniig)#vtp password Cisco 

Note sometimes a MAN needs to be created in order to propagate the existing 
VL.VNs, as follows: 

On Cat-3 

Cat-3(conf.g')#vlan 99 
Cat-3(contig-vlan)T*cxit 

Note the VLANs are propagated: 

Cat-3#Sh vlan brie 



VLAN Name 
1 default 



12 VLAX0012 

30 VLAN0030 

31 VLAN0031 

32 VLAN0032 
34 VLAN0034 
56 VLAN0056 
90 VLAN0090 



Status Ports 

act ivc FaD/ 1 , FaO/2 , Fa0/3 , FaO/4 
FaO/5, FaO/'6,FaO/7 s FaO/8 
FaD .'9, FaO/'lD, FaO/11, FaD/ 12 
FaD 13, FaD/ 14, FaD/ 15, FaD/ 16 
FaO/17, FaD/ 18, FaD/ 19, FaO/20 
FaO/23 5 Fa0/24 5 Gia'l 5 Gi0/2 

UCt'A C 

active 
active 
active 
active 
active 
active 



Next, Vlan 99 is removed: 
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Cat-3(con%)#\() 


vlan 99 




Cat-3#Show vlan b 


ric I Exc 


un sup 


VLAN Name 




Status Ports 


1 default 


act ivc FaO: 1 , FaO. 2 , Fat) 3 , FaO: 4 






FaO/5, FaO/6,FaO/7,FaO/8 






FaO,'9, FaO/10, Fa0711,Fa0/12 






FaO/ 1 3 , FaO/ 1 4 , FaO/ 1 5 , FaO/ 1 6 






Fau717 5 FaO/ 18, FaO; 19, FaO 20 






FaO/23, FaD/24, GiO/1 , GiO/2 


12 VLAN0012 




active 


30 V LAND 030 




active 


31 VLAN0031 




active 


32 VLAN0032 




active 


34 VLAN0034 




active 


56 YLAN0056 




active 



Task 29 

Configure ports FO. 2 1 and FO 22 on Cat-3 and Cat-1 as trunk links using an industry 
standard protocol, these links should appear to STP as a single link. If one of the links 
tails, the traffic should use the other link without any interruption. These ports should 
NOT negotiate by using any protocol to accomplish this task. 



EtherChannels provide the folkms: 

> Fault- tolerant, high speed links between switches and routers. 

> EthcrChanncl provides an automatic recovery for the loss of a link by 
redistributing the traffic across the remaining link/s. 

> STP will not block one of the links in the bundle because to STP, the bundle looks 
like a single link. 

> Up to 8 links can be combined to provide more bandwidth. 

> The links within the bundle must have the same characteristics such as duplexing, 
speed and etc. 

> EthcrChanncl can be configured as layer 2 or layer 3. 

P With Layer 3, a logical interface (Port-Channel) is statically configured and alE 
Layer 3 configurations arc performed under that interface. 

> With Layer 2, the logical interface is created automatically. 

> With both Layer 2 and Layer 3, physical interfaces must be manually assigned to 
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the logical interface using "channel -group'' configuration command. 

> EthcrChanncls can be configured automatically using Port aggregation protocol 
(PAgP) or Link Aggregation protocol (LACP). 

> PAgP is a Cisco proprietary protocol,, whereas LACP is an industry standard 
IEEE 802. 3ad protocol. 

> Switches can be configured to use PAgP by configuring them in ALTO or 
DESIRABLE mode. 

> Switches can be configured to use LACP by configuring them in ACTIVE or 
PASSIVE mode. 

** If the switches arc configured in ON mode, they will not exchange LACP o r 
PAgP packets. 

There are 5 modes that Uil 1 switches can be configured in; 

> ON — Forces the interface into an EthcrChanncl without PAgP or LACP packets, 
both switches must be configured in OX mode ibr the EthcrChanncl to be 
established. 

> ACTIVE — Used in LACP, the switches will actively negotiate an EthcrChanncl 
link. 

> PASSIVE - Used in LACP, it places the interlace in a passive negotiation mode 
where it only responds to LACP packets that it receives. In this mode the switch 
will not start the negotiation process; this setting minimizes the transmission of 
LACP packets. 

> ALTO - Used in PAgP, it places the interlace in a passive negotiation mode; It 
only responds to PAgP packets that it receives. In this mode the switch will not 
start the negotiation process; this setting minimizes the transmission of PAgP 
packets. 

> DESIRABLE - Used in PAgP, the switches will actively negotiate an 
EthcrChanncl link. 

The following table is very important when configuring EthcrChannels: 



Switch one is configured as 



Switch two is configured as 



Will an EtherChannel 
he established? 



Desirable 



Desirable 



YES 



Desirable 



Auto 



YES 



Auto 



Auto 



NO 



Active 



Active 



YES 



Active 



Passive 



YES 



Passive 



Passive 



NO 
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Before configuring EtherChannel, you should check to ensure (hut the interfaces are 
configured with the same characteristics. 

The best way to configure an EtherChannel is to configure the Channel-group 
under the interfaces first, as follows: 

On Both Switches 

i;coniig)#]nt range fO/21 -22 
(coniig-ii-range)r'Channel-group 1 mode on 
(eonfig-if-rangc)#no shut 

Then, configure the port-channel that is created automatically as trunk. 

fcon±ig-if-rangc)#int port-channel 1 
(coniig-ii)#switehport trunk encapsulation dotlq 
(config-ii')#Sw itch port mode trunk 

In verify the configuration: 
On Cat- 1 



Cat- InShow int trunk 

Port Mode Encapsulation Status Native vlan 

FaO 19 on 802. lq trunk ing 12 

Fafl 20 on 802.1q trunking 12 

Pol on 802. lq trunking 1 

Port Vlans allowed on trunk 

FaO 19 1-29,33-4094 
FaO/20 1-29,33-4094 

Pol 1-4094 

Port Vlans allowed and active in management domain 

FaO; 19 1,12,34,56,90 

Fa0/20 LI 2,34,56,90 

Pol 1,12,30-32,34,56,90 

Port Vlans in spanning tree forwarding state and not pruned 

FaO 19 1 

FaO/ 20 1,12,34,56,90 

Pol 1,12,30-32,34,56,90 

On Cat-3 



CCIE R&S b> Nurbik KuL-harLuiw Adt uiccd CCIE R&S Work Book 2.11 Pqge 130ofl068 

£M X«rbik Koch* riinx All riflhU raerved 













Cat-3#Sh int trunk 








Port Mode Encapsulation Status Native vlan 
Pol in 802. lq trunking 1 








Port Vlans alkiwcd on trunk 
Pol 1-4094 








Port Vlans allowed and active in management domain 
Pol 1,12,30-32,34,56 








Port Vlans in spanning tree forwarding state and not pruned 
Pol 1,12,30-32,34,56 








On Cat-1 








Cat- l#Show spanninK-trcc int ffl 2 1 








Mst Instance Role Sts Cost Prio.Xbr Type 








VLAXOOOl Root FWD 12 128.616 P2p 
VLAN0012 Root FWD 12 128.616 P2p 
VLAX0030 Rtx.it FWD 12 128.616 P2p 
VLAX0031 Root FWD 12 128.616 P2p 
VLAX0032 Root FWD 12 128.616 P2p 
VLAX0034 Rtx.it FWD 12 128.616 P2p 
VLAX0056 Root FWD 12 128.616 P2p 








Cat-l#Show spanning-trcc int It) 22 








Mst Instance Ro'c Sts Cost Prio.Nbr Type 






VIAND® 1 Root FWD 12 1 28.616 P2p 

VLAX0012 Root FWD 12 128.616 P2p 
VLAX0030 Root FWD 12 128.616 P2p 
VLAX0031 Root FWD 12 128.616 P2p 
VLAX0032 Root FWD 12 128.616 P2p 
VLAN0034 Root FWD 12 128.616 P2p 
VLAX0056 Root FWD 12 128.616 P2p 




On Cat-3 








Cat-3#Show spanning-trcc int 10/21 
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Vlan 


Role Sts Cost 


Prio.Xbr Type 


VLAN0001 


DcsgFWD 12 


128.65 


P2p 


VLAX0012 


DcsgFWD 12 


128.65 


P2p 


VLAX0030 


DcsgFWD 12 


128.65 


P2p 


YLAX0031 


Dcsg FWD 1 2 


128.65 


P2p 


YLANQQ32 


DcsgFWD 12 


128.65 


P2p 


VLAN0034 


DcsgFWD 12 


128.65 


P2p 


VLAX0056 


Dcsg FWD 1 2 


128.65 


P2p 


Cat-3#Show s 


panninf»-trce int It) 22 






Vlan 


Role Sts Cost 


Prio.Xbr Type 


YLAX0001 


Dcsg FWD 1 2 


128.65 


P2p 


VLAX0012 


Dcsg FWD 1 2 


128.65 


P2p 


VLAN0030 


DcsgFWD 12 


128.65 


P2p 


VLAN0031 


Dcsg FWD 1 2 


128.65 


P2p 


VLAN0032 


DcsgFWD 12 


128.65 


P2p 


YLAN0034 


DcsgFWD 12 


128.65 


P2p 


VLAX0056 


Dcsg FWD 12 


128.65 


P2p 


Note all inter) 


aces are in forwardi 


ng state because to spanning- tree the port- channel 


appeal's as a single inteifaee. 






A "show etherchannel 1 detail" command 


can reveal that the interfaces are working 


in the bundle. 









Task 30 

Ensure that the EthcrChannc! created in the previous step uses destination MAC 
addresses to load-balance the traffic load. 



Load balancing can be done based on the following: 

Source MAC address — Packets forwarded to an EthcrChanncI arc distributed across the 
ports in the channel based on the source MAC address of the incoming packets. When 
source MAC address load balanc ing is enabled, the load distribution based on the source 
and destination IP address is also enabled 

Destination MAC address — If the EthcrChanncI is between a router and a switch and 
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since the router has a single MAC add res s, destination based load balancing is the best 
way. 

to sec the default load balancing: 

On Cat-1 

Note tlie default load balancing is based on the 
Cat- l#show ethcrchanncl load , Source Mac address 



EthcrChanncl Load -Balancing Operational State (sre- mac): 
Non-IP' Source MAC address 

IPv4: Source MAC address 

IPv6: Source IP address 

To configure the load balancing based on the destination Mae addresses: 

On Both Switches 

(config)r#port-channcl load-balance dst-mac 

To verify the configuration: 

Cat-l#sho\v cthcrchannc. .oad 

EthcrChanncl Load -Balancing Operational State (dst-mac): 
Non-IP: Destination MAC address 
1 Pv4 : Destination MAC address 
IPv6: Destination IP address 



Task 31 

Erase the startup configuration and vlan.dat before proceeding to the next lab 



CCIE R&5> by Narvik Kuehuriaiw Advanced CCIE R&S Work Book 2.0 Page 133 of 1068 

C2009 >iarl>ik Kucha riani. All rijhfci raerved 







Lab 4 
35 60 co nf i £U ration 






Task I 

Configure the switches using the following hostnames: 

The first switch as Cat- 1 . the second switch as Cat-2, the third switch as Cat -3 and the 

forth switch as Cat -4 








On the first switch: 

Switch(config)#ho Cat- 1 
Cat-l(config)# 

On the second switch: 

Switch(config)£ho Cat-2 
Cat-2(config)# 

On the third switch: 

Switch(contig)#ho Cat- 3 
Cat-3(config)# 

On the forth switch: 

Switchfconfig.^ho Cat-4 
Cat-4(config)# 






Task 2 

Configure Cat- 1 such that the console messages arc displayed with sequence numhers. 






On Cat-1 




c< 
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Note to generate a console message all we need to do is go to the global eon fig mode 
and get hack to privilege mode as follows: 

Cat- I#c®nft 

Enter configuration commands, one per line. End with CNTL Z. 

Cat- l(config)#cnd 

Cat- If* 

00: 1 7:05 : %S YS -5 -C ON F 1 G_l : Co n figu red fro m co nso Ic by co nso le 

Note the above console message did not have the sequence numbers, to enable the 

sequence numbers: 

On Cat-1 

Cat- If con tig)f# service set] uence- numbers 

Cat- ](config)f*cnd 

Cat- 1# 

000057: 00: 18:46: %SYS-5-CONFlG_l: Configured from console b>' console 

Note 000057 is the sequence number 






Task 3 

Disable the timestamps for all console messages including the debug messages on Cat-1 






On Cat-1 

Cat- l('coniig)r*\0 service timestamps debug 

The above command disables log time stamps, which enables time stamps on log 
messages showing the time since the system was reloaded for all levels (This is 
because debug is the default value, so it displays level 7 and all the loner numbers 
below level 7). 

Cat-l(config)"NO service timestamps log 

The above command disables log time stamps w hich enables time stamps on log 
messages showing the time since the system was reloaded. 

C at - 1 ( co n fig)#c nd 
Cat- 1# 




cc 
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00005S: { XSYS-5-CO\ FICi_I: Configured from console by console 
Note (here are no time stamps on the above message. 






Task 4 

Set the time and date of Cat- 1 to 16 minutes passed 4 PM, December 26. 2007. The time 
zone should be set based on Sydney Australia (EST - 1 ! ). You should use a privilege 
level and a global config level command to accomplish this task. 






On Cat-1 

Ctt-l#Clock set 16:16:00 Dee 26 2007 

Cat-l(coni:ig)#etoek time-zone EST -11 
To verifv: 

Cat- !#Show clock 

16:1 7:3 1 . 972 EST Wed Dec 26 2007 






Task 5 

Coniiizurc Cat- 1 such thai the sj.sicir. ir.essLib-es are d:sp'.u\cd v. :th sequence numbers and 
current time and date. 






On Cat-1 

Cat-](conng)#scrvicc timestamps log datctimc 
Cat-l(config)#crjd 

000071: Dec 26 05:19:34: %SYS-5-CO\FlG_I: Configured tram console by console 

Note the sequence number of 000071: followed by the current date and time (Dee 26 
05:19:34) is displayed. 
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Task 6 

Co n figure Cat- 1 such that the system messages arc displayed with sequence numbers, 
current date and time in HH:M\1:SS and msec and local time and the current timczonc. 






On Cat-1 

Gal- l(config)#ser\ice time Stamps log datetime msec loealtime show-timezone 

Cat-l(coniig)#cnd 

000077: Dec 26 1 '6:28:24 354 EST: %$Y$-5-CONFIGJ: Configured from console by 
console 






Task? 

C o n tigu r c Cat-2 using t he tb Ik) w i ng po 1 icy: 

> The switch should log all Emergency,, Alerts, Critical. Errors and Warning 
messages 

> The syskjg server located at 1 0. 1.1. 1 00. 

> The messages should be logged to locaW facility 






On Cat-2 

Cat-2(config)#logging 10. 1. 1 . 1 00 

Cat-2(config)#logging trap 4 

Cat-2i config)#k)gging facility local4 

'l'» verify the configuration: 

On Cat-2 

Cat-2#Show logging 

Sysk)g logging: enabled (0 messages dropped. 1 messages rate-limited, Hushes, 

overruns, xml disabled, filtering disable 

d) 

Console logging: level debugging, 41 messages logged, xml disabled, 

filtering disabled 
Monitor logging: level debugging, messages logged, xml disabled, 
filtering disabled 




cc 


IE R&* b> Narbik Koeharians A<k anted CCI E R&S Work Book 2.0 Page 137 of It 

C2009 Narbik Kochariaiu. All rq|litj reserved 


)68 













Butter logging: level debugging;, 41 messages logged, xml disabled, 

tillering disabled 
Exception Logging: size (4096 bytes) 
Co Lint and timestamp logging messages: disabled 
File logging: disabled 
Trap logging: level warnings, 43 message lines logged 

Logging to 10. 1.1,1 (HI, message lines logged, xml disabled, 
filtering disabled 






TaskS 

Configure Cat-3 to log the system messages to a file called "syslog**, this file should be 
saved in the Hash with a max size of SI 92. The severity type should be set to 
"debugging". 








On Cat-3 

Cat-3(config)#logging file Hash:sysIog 8192 debugging 

Cat-3(config)#int fD/1 
Cat-3(conng-if)#shut 
Cat-3(coniig-if)#NO shut 

To verify the configuration: 

On Cat-3 

Cat-3#dir 

D irec to ry o f lias h:/ 

2 -rwx 327 Mar 1 1993 00:05:28 -00:00 systcm_cnv_vars 

3 -rwx 3426 Mar 1 1993 02:23:17 -00:00 contig.you 

4 -rwx 3345 Mar 1 1993 01:49:34-00:00 contig.old 

5 -rwx 7134015 Mar 1 1993 00:04:51-00:00 c3550-ipscrviccsk9-mz.l22-25.SEE2.bin 

6 -rwx 327 Marl 1993 01:25:32 -0(1: (HI sy slog 

7 drwx 192 Marl 1993 00:03:42 -00:00 c3550-i9q3l2-mz.l2 1-1 3.E Ala 
24 -rwx Mar 1 1993 00:05:28-00:00 cnv_vars 
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Task 9 

Configure Cat-] to disable logging of POE events for it's FO 5 interface 






On Cat-1 

Cat-l(contig)#intFQ.''5 

Cat- ](contig-if)#no logging event powcr-inlinc-status 

This command may not be available cm your switch if the switch that you are 
working on in NOT POE (Power (her Ethernet), 






las kill 

Configure the system resources of Cat-4 such that unicast routing is disabled and it 
supports maximum number of Unicast MAC addresses. 






On Cat-4 

Cat-4#Show sdm prefer 

The current template is the default template. 
The selected template optimizes the resources in 
the switch to support this level of features for 
8 routed interfaces and IK YLAXs. 
number of unicast mac addresses: 5K 
number of igmp groups: IK 
n umber o f qo s aces: I K 
n u mb cr o f sec u r it y ac cs : IK 
n u mb cr o f u n ic as t ro utcs: 8K 
number of multicast routes: 1 K 

To change the SDM template for Unicast routing: 
Cat-4(config)#sdm prefer vlan 
To verify the configuration: 
On Cat-4 
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Cat-4r»Sho\v sdm prefer 

The current template is the default template. 
The selected template optimizes the resources in 
the switch to support this level of features for 
8 routed interfaces and IK V LAN's, 
number of unicast mac addresses: 5K. 
number of igmp groups: IK 

n u mb cr o f qo s ac cs: IK 

n u mb cr o f sec urit y aces : I K 

n u mb cr f u n ic as t ro ut cs: 8K 

number of multicast routes: 1 K 

The template stored for use after the next reload 

is the vlan template. 

The selected template optimizes the resources in 

the switch to support this level of features for 
8 routed interfaces and IK VLANs. 
number of unkast mac addresses: 8K 
number of igmp groups: IK 

n u mb cr o f q o s aces: 1 K 

n u mb cr o f sec u r it y aces : IK 

n u mb cr o f u n ic as t ro ut cs: 

n u mb cr f mu 1 1 icast ro utcs: 

This template disables muting and supports maximum number of Unicast MAC 
addresses. Typically used for layer 2 snitches, if this option is used, routing is done 
in the software and it severely impacts the snitches performance. 



Task II 

Configure port FO I of Cat-1 as a layer 3 interface and assign an IPv6 address of 
12:1:1:12::! '64 to this interface. 



On Cat-1 

Cat-](config')#int HIT 

Cat- !(coniig-if)#no switchport 

Cat-l(conlig-if)#ipv6 address 1 2:1:1:12::! /64 
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% Invalid input detected at ''•' marker. 

Note IPv6 is not enabled and therefore, IPv6 addressing can NOT be assigned to any 
of the interfaces on this switch, the 3560 switches support IPv6 but the SDM needs 
to be changed for "dual-ipv4-and-ipv6'" before the IPv6 support is enabled. 

Cat- li'conlig'i^sdm prefer dual-ip\4-and-ip\6 default 

Cat-l(config)#int f&T 

Cat-l(config-if)#ipv6 address 12:1:1:12:: 1/64 

Cat-lfconfig-ifVno shut 

To verify the configuration: 
Cat-l#sh ipv6 inter ft).' 1 

FastEthcrnctO/l is up, line protocol is up 
IPv6 is enabled, link -local address is FE80::217:E0FF:FE26:3B41 
Global unieast address (cs): 
12:1:1: I2::l, subnet is 12:1 : 1 : 1 2:: 64 






Task 12 

Configure FO/23 interlace of Cat- 1 such that it can detect unidirectional links due to one 
way traffic on twisted pair. This switch should be configured such that if FO/23 interface 
transitions into crrdisablc state, it should automatically recover every 2 minutes and if the 
port detects unidirectional links it should repeat the cycle again. 






On Cat-1 & Cat-4 

Cat-x(conng)#int ft) 2 3 
Cat-xtconfig-if^udld port aggressive 

To verify the configuration: 

On Cat-1 

Cat- l#Shudld ID/23 

Interface Fat).' 2 3 
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Port enable administrative configuration setting: Enabled / in. aggressive mode 

Port enable operational state: Enabled / in aggressive mode 

Current bidirectional state: Bidirectional 

Current operational! state: Advertisement - Single neighbor detected 

Message interval: 15 

Time out interval: 5 

Entp, 1 

Expiration time: 43 

Device ID: 1 

Current neighbor state: Bidirectional 

Device name CHK0649W0TP 

Port ID: FaO 23 

Neighbor echo 1 device: FDOl 22 1Z2QT 

Neighbor echo I port: FaO. 23 

Message interval: 15 

Timeout interval: 5 

CDP Device name: 5YV4 

Note if the unidirectional link is detected, the following will be the output of ''Show 

udldFoV23" command: 

Interface FaO 23 

Port enable administrative configuration setting: Enabled / in aggressive mode 

Port enable operational state: Enabled / in aggressive mode 

Current bidirectional state: Unknown 

Current operational state: Advertisement 

Message interval: 7 

Time out interval: 5 

No neighbor cache information stored 

To configure the auto recovery upon detection of unidirectional link: 

Cat-](conlig)#ernli sable recovery cause udld 

Command enables the timer to automatically recover from the UDLD error- 
disabled state 

Cat- 1 ( co nfigjrferrdi sable recovery interval 120 

Command specifies the time to recover from the UDLD error-disabled state 
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To verify the tu 


nfiauration: 


On Cat-1 




Cat- l#Sh crrdisablc recovery 


ErrDi sable Reason 


Timer Status 


udld 


Enabled 


bpdu guard 


Disabled 


security- viotatio 


Disabled 


ehanncl-rnisconfig 


Disabled 


vmps 


Disabled 


pagp-tlap 


Disabled 


dtp -flap 


Disabled 


link- flap 


Disabled 


12 pt guard 


Disabled 


p sec Lire- violation 


Disabled 


gbic- invalid 


Disabled 


dhep -rate-limit 


Disabled 


unicast -flood 


Disabled 


storm-control 


Disabled 


arp- inspect ion 


Disabled 


loopback 


Disabled 


Timer interval: 12 


() seconds 



task 13 

Configure the following IP addresses on Cat- 1 and R I : 

Cat-rsFO/1 interface— 10.1.1.10 .'24. Cat-1 should also have a default gateway pointing 

toRl. 

Rl's F0/0 interface 10.1. 1. 1 24, LoO interlace 1.1.1.1 8, Lol interface 100.1.1.1 /24 



On Rl 

Rlfconfig^inttM) 

RKconfig-ityipaddr 10. 1.1.1 255.255255.0 

Rl (config-if)#no shut 
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Rl(config-ii>int loO 
Rl(config-ii>ipaddr 1. 1.1.1 255.0.0.0 

Rl(config-if)#int b! 

Rli;config-if)#ipaddr 100. 1. I.I 255.255.255.0 



Tu verify the configuration: 



On Rl 

R l#Show ip int brie 

Interface 

FastEthcrnctO/0 

FastEthcrnctO'l 

ScrialO/0/0 

SeriaKVO/l 

LoopbackO 

Loopbackl 

On Cat-1 



IP-Address OK? Method Status Protocol 

10.1.1. 1 YE S manua 1 up up 

tinas signed YES unset administratively down down 

unassigncd YES unset administratively down down 

u nass ign cd YE S u nsct ad m i n is trati vc ly do wn d o wn 

1.1.1.1 YES manual up up 

1 00. I.I.I YES manual up up 



Cat-l(conlig)#int fl)/l 

Cat- l(conlig)#no switchport 

Cat-l(con%-if)#ip address 10.1.1.10 255255.255.0 

C at - 1 ( co n tig- i f )# n o shu t 

Cat- l(conng)#ip route 0.0.0.0 0.0.0.0 1 0. 1 . 1 . 1 



To verify the configuration: 



On Cat-1 

Cat-l*Ping 10.1.1.1 

Type escape sequence to abort. 

Sending 5, 100-byte 1CMP Echos to 10. 1. 1.1, timeout is 2 seconds: 

(MM 

Success rate is 100 percent (5/5), round-trip min.'avg'max = 1/202/1006 ms 
Cat- l#Ping 1 00. I.I.I 
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Type escape sequence to abort. 

Sending 5. 100-bytc 1CMP Echos to 100. 1. 1. 1, timeout is 2 seconds: 

(MM 

Success rate is 10(1 percent (5/5), round-trip min/avg'max = 1/202/1007 ms 

Cat-l#PingLLIJ 

Type escape sequence to abort. 

Sending 5, 100-bytc 1 CMP Echos to 1.1.1.1, timeout is 2 scco nds: 

( M M 

Success rate is 100 percent (5/5), round-trip min/avg'max = 1 '202 '1006 ms 






Task 14 

Configure a Smart port Macro on Cat-1 such that it pings all the interfaces oi'Rl. this 
macro should be configured such that it can be executed at any time by entering "TST" in 
the global con fig mode. 






On Cat-1 

Cat-l(conng)#Macro name TST 

Enter macro commands one per line. End with the character '@'. 

do Ping 10.1. I.I 

do Ping 100. I.I.I 

do Ping I.I. 1.1 

Cat- 1# 

In tL'st tht. 1 configuration: 




On Cat-1 

Cat-l(config)#inacro ylobal apply TST 

Type escape sequence to abort. 

Sending 5 r 100-bytc ICMP Echos to 10. 1. 1.1 , timeout is 2 seconds: 

(MM 

Success rate is 100 percent (5'5), round-trip min/avg'max = 1/2'S ms 
Type escape sequence to abort. 
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Sending 5 r 100-byte ICMP Echos to 100.1. 1.1. timeout is 2 seconds: 
mil 

Success rate is 100 pereent (5/5), round-trip min/avg/max = 1/2/9 ms 

Type escape sequence to abort. 

Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds: 

1122! 

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms 

To execute the Macro by just entering "TST\ requires configuring an alias, as 
follows: 

Cat- 1 (con fig)#a lias configure IS J macro global apply I SI 
To lest the configuration: 

On Cat-1 

Cat-l(config)#TST 

Type escape sequence to abort. 

Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds: 

fiffj 

Success rate is I (III percent (5/5), round-trip min/avg/max = 1/2/8 ms 

Type escape sequence to abort. 

Sending 5, 100-byte ICMP Echos to 100.1.1.1, timeout is 2 seconds: 

1122! 

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms 

Type escape sequence to abort. 

Sending 5» 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds: 

■ ■22! 

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms 



Task 15 

Configure the F0/0 interface of Rl -R3 in VLan 2; configure Rl - R3 based on following 

parameters: 
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Router 


Interface 


IP address 


MAC address 


R I 


FOG 


10.1.1.1 /24 


0000.11 11.1111 


r: 


FOG 


10.1.1.2 24 


0000. 7 22 7 . ? 22 7 


R3 


FGG 


10.1.1.3 24 


(BOG. 33 3 3. 3333 



On Rl 

Rl(config)#intfO/'0 

Rl(config-if)#ipaddr 10.1.1.1 255.255255.0 
Rl .(config-it>mac-addrcss (WOO. 1 1 1 1 . 1 1 1 1 
Rl(config-if)#no shut 

On R2 

R2(config)#intfl)/0 

R2(config-if)#ip addr 10.1.1.2 255.255.255.0 
R2(config-ii>*mac-addrcss 0000.2222.2222 
R2(config-ii>no shut 

On R3 

R3(config)#int fO/'O 

R3(cemfig-if)#ip address 10.1. 1.3 255.255.255.0 
R3(config-ii>mac-addrcss 0000. 3333.3333 
R3(config-if)#no shut 

On Cat-1 

Cat-l(config)#intfO/i 
Cat - 1 ( co n fig- i f)#S wi 

Cat- l(config)#int range it)/ 1 -3 
Cat-lfconfig-ii-rangc)T#swi mode ace 
Cat- l(config-if-rangc)#swi ace v 2 
C at - 1 ( co n fig- i i-ran gc)#span n i ng po rt fast 



Task 16 

Configure IP source guard on Cat- 1 such that it filters traffic based on manually 
configured IP source bindings. If any of the hosts in this VLAN uses the IP address of 
another router in this VLAN, the switch (Cat-1 ) should drop that traffic. 
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On Cat-1 

Cat-l(config)#ip dhcp snooping 

Cat- l(coniig)#ip dhcp snooping vlan 2 

The above commands enable DHCP snooping Binding for VLAN 2, these must 
be configured, or else the IP source guard will NOT work. 

Cat- ](conn"g)#interfacc range fU ■'' 1-3 
Cat- l(config-if-rangc)#ip verify source 

The above command enables Source IP Address Filtering: with "IP Verify 
Source" command configured under the interfaces, the switch does NOT check 
the Mac addresses that are- bound to the IP addresses. 

Cat- l(config)#ip source binding 0000.1111.1111 vlan 2 10.1.1.1 interface Fill 
Cat-l(conng)#ip source binding 0000.2222.2222 vlan 2 10.1.1.2 interface FO/2 
Cat-](conng)#ip source binding 0000.3333.3333 vlan 2 10.1.1.3 interface F0/3 

The above commands configure three entries in the IP Source Bindings table. 

'!'» verify the configuration: 



On Cat -I 

Cat- I#SjjOw ip source binding 

Mac Address IpAddrcss Lcasa'scc) Type VLAN Interface 



00:00:22:22:22:22 10. 1.1.2 
00:00:33:33:33:33 10.1.1.3 
00:00:1 1:1 1:11:11 10. I.I.I 
Total number of bindings: 3 



infinite static 2 
infinite static 2 
infinite static 2 



Fast Ether net 02 
FastEthcrnctO 3 
FastEthcrnetO I 



Cat- l#Show ip verify source 

Interface Filter- type Filter- mode IP- ad dress 



Mac -address Vlan 



FaO/1 ip 
FaO/2 ip 
FaO/3 ip 



active 


10 J 


I.I 


active 


10.1 


1.2 


active 


10.1 


1.3 



1 
1 
1 



To test the configuration : 
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On kl 

Rl(config)#intffl/0 

Rl (config-it>ip addr 10. 1 .1 .4 255.255.255.0 

Rl*Ping 10.1.1.2 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 10. 1.1 2, timeout is 2 seconds: 

Success rate isO percent (0/5) 

Note when IP source guard is enabled with source IP address Filtering, IP 
traffic is filtered based on the source IP address. The Switch forwards IP 
traffic when the source IP address of that traffic matches an entry in the 
DHCP snooping binding database or a manually created source binding table. 

Rl(config^inti0/'0 

Rl(eonfig-il>ip addr 10. I.I .1 255255255.0 

Rl*Ping 10.1.1.2 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 10. 1. 1 .2, timeout is 2 seconds: 



Success rate is 100 percent (5/5), round-trip min/avg max = 1/2/4 ms 

In the above test, the IP address of Rl's FO.'O interface was changed to match 
the configured binding in the switch, therefore, the traffic was allowed. 



Task 17 

Configure the F 1 interface of Rl -R3 in Vlan 22; configure Rl — R3 based on following 
parameters: 



Router 


Interface 


IP address 


MAC address 


Rl 


FO 1 


20. I.I.I 24 


0000.11 11.1111 


r: 


FO 1 


20. 1 . 1 .2 .24 


0000.^22.2222 


R3 


FO 1 


20.1.1.3 24 


000 0.33 3 3. 3333 



On Kl 
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Rl(config)#intft)/l 

Rlfconfig-ifVip addr 20. 1.1.1 255.255.255.0 
Rl (config.if)#mac-addrcss D0O0. 1 1 I I . i i I I 
Rl(config-if)#no shut 

On R2 

R2(config)#intfl)/l 

R2i;config-if>*ip addr 20. 1 .1 .2 255.255.255.0 
R2(config-it>mac-iridrcss 0000.2222.2222 
R2iconfig-if)#no shut 

On K3 

R3ieonfig)#int tO.T 

R3(config-it>ip address 20.1. 1.3 255.255.255.0 
R3(config-if>mac-addrcss 0000. 3333. 333 3 
R3 icon fig- if)#no shut 

On Cat-2 

Cat-2(contig)#int range 10.' 1 -3 
Cat-2(cuntig-if-rangc)#swi mode ace 
Cat-2(config-if-range)#swi ace v 22 
Cat- 2( co n tig- i f-r an gc )" sp an n i ng po rt last 



Task IS 

Configure IP source guard on Cat-2 such that it filters traffic based on manually 
configured IP source and MAC Address Filtering. If the switch detects another MAC or 
IP address on one of the configured ports, it should drop the traffic. 



On Cat-2 

Cat-2(contig)#ip dhep snooping 
Cat-2(config)#ip dhep snooping vlan 22 

The above commands enable DHCP snooping Binding for VLAN 22, these must be 
configured or else the IP source guard will NOT work. 

Cat-2(config)#intcrface range fO/1-3 
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Cat-2(config-if-range)#ip verily source port- security 
C at - 2( co n tig- if-range)# Switch port port- security 

The above command enables IP Source guard with IP and MAC address filtering. 
With "IP Verify Source port-security'" command configured under the interfaces, 
the snitch will filter based on the MAC and IP addresses. The "Switchport port- 
security'" command MUST be configured for the interfaces in VLAN 22. 

Cat-2(config)#ip source binding DOQO, 11 1 1.11 1 1 vlan 22 20.1.1.1 interface FQ 1 
Cat-2(config)#ip source binding 00 00. 2222. 2222 vlan 22 20.1.1.2 interface FO 2 
Cat-2(config)#ip source binding 0000.3333.3333 vlan 22 20.1.1.3 interface FO 3 

The above commands configure three entries in the IP Source bindings table. 

To verify the configuration: 

On Cat-2 

Cat-2#Show ip source binding 

Mac Address IpAddrcss Lcasciscc) Type VLAN Interlace 



00:00:22:22:22:22 20.1.12 
00:00:33:33:33:33 20.1.1.3 
00:00:1 1:11:11:11 20.1.1.1 
Total number of bindings: 3 



Cat-2rrShow ip verily source 

Interface Filter-type Filter-mode IP- address Mac-address Vlan 



infinite 


static 


:: 


Fast Ethernet 0/2 


infinite 


static 


22 


FastEthcrnctO 3 


infinite 


static 


22 


FastEthcrnctO 1 



Fa0/1 ip-mac 
FaO/2 ip-mac 
FaO -- ip-mac 



active 


20. I.I.I 


00:00:1 1:11:11:11 


22 


active 


20.1.1.2 


00: 00:22:22:22:22 


22 


active 


20.1.1.3 


00: 00:3 3:33: 33:3 3 


22 



To test the i'mrtj^uratimi: 



On Rl 



Rlfconfig^intrtll 
Rlfconfig-iiyNOmac 

Rl*Ping 20.1.1.2 
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Type escape sequence to abort. 

Sending 5, lOQ-bytc ICMP Ethos to 20. 1. 1 .2, timeout is 2 seconds: 

Success rate is I) percent (0/5) 

To test the communication with the correct MAC address: 

Rl(config)#intffl/l 
Rlfconfig-ii^mac-addrcssOOOO. 1 1 1 1 . 1 1 1 1 

Rl#Puog 20.1.1 J. 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 20. 1. 1 .2, timeout is 2 seconds: 

MM 

Success rate is 80 percent (4/5), round -trip min.'avg'max = 1/1/1 ms 

Note when IP source guard is enahled with source IP and MAC address Filtering, 
IP traffic is filtered hased on the source IP and MAC address binding. The S\>itch 
forwards IP traffic when the source IP address of that traffic matches an entry in 
the DHCP snooping binding database or a manually created source binding table. 






Task 19 

Configure R4 1 sFG/l interface in VLAN 22 using the following parameters: 

R4'sF0/ 1 -20.1.1.4/24 
Mac-address - 000 0.4444. 4444 






On R4 

R4(eonfig)#intfu71 

R4iconfig-if>#ip address '0. 1 . 1 .4 ^55.^55. 255.0 
R4(config-if>mac-addrcss 0000.4444.4444 
R4fconfig-if)frno shut 

On Cat-2 

Cat-2(config)#int ftl'4 
Cat-2(contlg-if)#s\vitchport mode access 
Cat-2(config-if!i#s witch port access vian 22 




cc 
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C at -2(config- i f) tfspann ing port fast 
To test the iuitiii;u ration: 

OnR4 

R4#Ptng 20.1.1 .1 

Type escape sequence to abort. 

Sending 5, IGO-byte ICMP Echos to 20,1.1.1, timeout is 2 seconds: 

.!!!! 

Success rate is 80 percent (4/5), round-trip min/avg/max = l/l/l ms 

R4tf Ping 20.1.1.2 

J ypc escape sequence to abort. 

Sending 5, 100-byte ICMP Echos to 20.1.1.2, timeout is 2 seconds: 

.!!!! 

Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 ms 

R4#Ping 20.1.1.3 

Type escape sequence to abort. 

Sending 5, 100-byte ICMP Echos to 20. 1.1. 3, timeout is 2 seconds: 

.!!!! 

Success rate is 80 percent (4/5), round-trip min/avg/max = l/l/l. ms 

Note R4 was added to VLAN 22 and was able to communicate with all the 
hosts, routers In VLAN 22. 



Task 20 

Configure DAI (Dynamic ARP Inspection) to fix the problem identified in the previous 
step such that if a new host/router is added to VLAN 22, it won't be able to communicate 
with any host/router in VLAN 22 unless it's IP to MAC address binding is added, to the 
table. 



On CAT-2 

CAT-2(eonfig)#ip arp inspection vlan 22 
CAT"2(config)flip arp inspection filter TST vlan 22 static 
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CAT-2(coniig)#arp access-list TST 

CAT-2(tt)nfig-arp-nacl)#permit ip host 20.1.1.1 mac host 0000.1 111.1111 
CAT-2(coniig-arp-nacl)#permit ip host 20.1.1.2 mac host 0000.2222.2222 
CAT-2(conng-arp-nacl)#permit ip host 20.1.1.3 mac host 0000.3333.3333 
CAT-2(config-arp-nacl)#perniit ip host 20.1.1.4 mac host 0000.4444.4444 

To verify the configuration: 



On Kl 

Rl^Ping 20. LI .2 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 20. 1. 12, timeout is 2 seconds: 



Success rate is 100 percent (5/5), round-trip min/avg max = 1/1/4 ms 
RjjPiljg 20.1.1.3 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 20. 1. 1 .3, timeout is 2 seconds: 



Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/ 1 ms 

Rl^Ping 20.1.1.4 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 20. 1. 1 .4, timeout is 2 seconds: 



Success rate is 100 percent (5/5),, round-trip min/avg'max = 1/1/4 ms 
To test the eonfijjuration: 

On R4 

R4(config)#intffl/l 
R4iconi':g-:f)#li0 mac 

R4^Ping 20.1.1.1 



Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 20. 1.1.1, timeout is 2 seconds: 

Success rate isO percent (0/5) 
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Note the MAC address does NOT match the funding in the Arp ace ess- list. 

R4(config)#int FO/1 
R4(config-ii>*mac-addrcss 0000.4444.4444 

R4*Ping 20.1.1.1 

Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echos to 20. 1.1.1, timeout is 2 seconds: 



Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 ms 

Note the MAC address is added to the FO/1 interface of R4 and the ping was 

successful. 

To test In adding another router to this V LAN: 

On R5 

R5(config)#intF0/l 

R5(config-if>lP address 20. 1 . 1 .5 255.255.255.0 
R5(config-iiy Mac-address 0000.5555.5555 
R5(config-if)r*no shut 

R5*Ping 20.1.1.4 

Type escape sequence to abort. 

Sending 5, 100-bytc [CMP Echos to 20. 1. 1 .4, timeout is 2 seconds: 

Success rate isO percent (0/5) 

R5*Ping 20. 1.1.3 

Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echos to 20. 1. 1 .3. timeout is 2 seconds: 

Success rate isO percent (0/5) 

R5*Ping 20.1.1.2 

Type escape sequence to abort. 

Sending 5 S 100-bytc [CMP Echos to 20. 1. 1 .2, timeout is 2 seconds: 



Success rate isO percent (0/5) 
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R5#Pjjjg 20. 1.1.1 

Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echos to 20. 1.1.1, timeout is 2 seconds: 

Success rate isO percent (0/5) 

I'd allow for nevtlv added router iv hosts to tinmmunicatt! nith other 
hosty'routers in VI AN 22; 

On Cat-2 

Cat-2(config)#arp ace ess- list TST 

Cat-2(conng-arp-nacD#permit ip host 20. 1. 1. 5 mac host 0000.5555.5555 

To see the ARP access-list: 

On Cat-2 

Cat-2#Sho\v arp ace ess -list TST 

ARP access list TST 

permit ip host 20. 1. 1.1 mac host 0000. Ill 1.11 11 



permit ip host 20 
permit ip host 20 
permit ip host 20 
permit ip host 20 



.2 mac host 0000.2222.2222 
.3 mac ho st 00 0. 33 3 3 . 33 3 3 
.4 mac host 0000.4444.4444 
.5 mac host 0000.5555.5555 



To test the configuration: 

On R5 

R5*Pina 20.1.1.1 



Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echos to 20. 1.1.1, timeout is 2 seconds: 



Success rate is 80 percent (4/5), round -trip min/avg.'max = 1/1/4 ms 
R5*Ping 20. 1.1.2 

Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echos to 20. 1. 1 .2, timeout is 2 seconds: 
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Success rule is 8(1 percent (4/5), round-trip min/avg/max = 1/1/4 ms 

R5*Ping 20.1.1.3 

Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echos to 20. 1. 1 .3. timeout is 2 seconds: 

MM 

Success rate is 80 percent (4/5), round -trip min/avg/max = 1/1/4 ms 

R5*Ping 20.1.1.4 

Type escape sequence to abort. 

Sending 5 ; 100-bytc ICMP Echos to 20. 1. 1 .4, timeout is 2 seconds: 

MM 

Success rate is 80 percent (4/5), round -trip min/avg/max = 1/1/4 ms 



I ask 2 1 

Since the CPL" of the switch performs the actual DAI validation checks, the incoming 
ARP packets should be configured to be 1/3 of its default value. This should ONLY be 

configured tor the ports :n VLAN 22. 



Because the snitch uses its CPU to perforin Dynamic ARP Inspection, the switch 


nill rate limit the numhe 


r ol ARP packets to 15 pps, this can be revealed using the 


"Show ip arp inspectiun 


interfaces'" command, as follows: 


On Cat -2 




Cat-2TrSh ip arp inspection interfaces 


I n tcr fac c Tru st St at c 
FaO. 1 L'n trusted 


Rate (pps) Burst Interval 


15 1 


FaO/2 L'n trusted 


15 1 


FaO/3 L'n trusted 


15 1 


Fa0/4 L'n trusted 


15 1 


FaO/5 L'n trusted 


15 I 


i The rest of the output is 


omitted) 
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Note the default value lor all interfaces is set to 15 pps. 

To configure the Cat to rate limit the number of ARF packets: 

On Cat-2 

Cat-2(config)#int range FO.T-5 

Cat-2(config-if-rangc)T*ip arp inspection limit rate 5 burst interval 1 

'I'o verify the configuration: 



On Cat-2 



Cat-2#Sh ip arp inspection interfaces 

Interface Trust State Rate (pps) Burst Interval 

FaO i 
FaO/2 
FaO/3 
FaO/4 

FaO/ 5 

i The rest of The output is omitted) 



Un trusted 


5 


1 


Un trusted 


5 


1 


Un trusted 


5 


1 


Un trusted 


5 


1 


Un trusted 


5 


1 



Task 22 

Configure Cat-2 to keep track of all drop packets due to mismatch of the dynamic ARP 
inspection binding configured in one of the previous steps. The switch should log 
messages after 5 seconds of an event: ensure that the switch adds entries to the log buffer 
without generating a system message. 



When the switch drops a packet, it adds an entry in the log buffer and generates a system 

message. Once the switch generates a system message, the particular entry is cleared from the 
log Buffer. The entry includes: VLAN, port number, Source and Destination IP and MAC 
addresses. 

On Cat-2 

Cat-2(config}#ip arp inspection log-buffer logsM interval 5 
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Note when the logs is set to 0, the switch will NOT generate a system message. 
To test thi 1 i'onti»umtion: 

On R5 

To test this configuration, the MAC address of R5 is removed and a ping is issued to emulate an 
invalid binding. 

R5(config)#int fl) 1 
R5(config-if)r*no mac 

R5*Ping 20.1.1.1 

Type escape sequence to abort. 

Sending 5, 100 -byte 1CMP Echos to 20.1. 1 J, timeout is 2 seconds: 

Success rate is (I percent (0/5) 

Cat-2#Sh ip arp inspection log 

Total Log Buffer Size : 32 

Syslog rate : entries per 5 seconds. 

Interface Vlan Sender MAC Sender IP Num Pkts Reason Time 

FaO/5 22 00 1 2.d9d7.99a9 20. 1.1.5 8 Acl Deny 21:18:15 L'TC Tuc Mar 2 1993 

Task 23 

Configure SNMP on Cat-1 using the following parameters: 

> NMS IP address is 192.168.1.100 

> RO community should be TST-RO 



> RW community should be TST-RW 

> The NMS is using Vcrsio n 2C 

> The community string should be "eisco" 
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On Cat-1 

Cat- I(config)#snmp-servcr host 1 92. 1 68.1 .1 00 version 2c cisco 
Cat- 1( con fig )#snmp- server community TST-RO ro 
Cat- 1 (con fig)#snmp- server community TST-RW rw 






I ask 24 

Configure Cat-2 sueh that if in the future it. is configured with BGP. it should send BGP 
notifications to the SNMP server with an address oi' 192. 168. I.I. The switch should send 
these notifications using traps. Ensure that the switch uses version 2C and a community 
string of "cisco" 






On Cat-2 

Cat-2(config)#Snmp-scrvcr host 192.168.1.1 traps version 2C cisco hgp 
Cat-2(config)#Snmp-scrvcr enable traps hgp 






Task 25 

Configure Cat-3 to send all traps to the host "PCI. Micro nksTraining.com'" using 
community string of "cisco". The switch should resolve this FQDN to 10. 1. 1.200 locally. 






On Cat-3 

Cat-3(config)#ip host PCl.MieroniesTraininy.eom 10.1.1.200 

Catof con fig)#Snmp- server enable traps 

C at - 3( co nfig)#Snmp- server host PC 1 .MieronicsTraining.com cisco 




cc 


I ask 26 

Configure SNMP on Cat-4 using the following parameters: 

The SNMP manager must have Read-Only permission access to all objects using "cisco" 

as the string. 

IE R&* b> Narbik KoeharLans Advanced CC1E R&S Work Book 2.0 Page MOofJt 

C2Q09 N»rbik Koch* rum All rq|liu reserved 


US 





The switch should send VTP traps to 10.1. 1. 10, 10.1 .1. 100 and 10.1.1.200 using the 
lb 1 lo wing SN" \\ P ver sio ns : 

Host 10.1.1.1 SNMP version 1 , Host 1 0. 1 . 1 . 1 00 and 10.1.1. 200 SXMPvZC 
Ensure that the community string of "cisco" is sent with the traps: 






On Cat-4 

Cat-4(config)#Snmp-scrver community cisco 
Cat-4i con fig)#Snmp- server enable traps VTP 
Cat-4(config)#Snmp-scrvcr host 10. 1.1.10 version 1 cisco 
Cat-4(config)#Snmp- server host 1 0. 1 . 1 . 1 00 version 2C c isco 
Cat-4(coniig)#Snmp-scrvcr host 10.1.1.200 version 2C cisco 






las k 27 

En sum that Cat-4 is configured with the following parameters for its previous SNMP 
configuration: 

> Contact: Micron ics Networking and Training Inc 
'*■ Location: Building A. Sydney office 






On Cat-4 

Cat-4(config)#snmp-s location Building A, Sydney office 

C at -4(config)#snmp- scon tact Micronics Networking and Training Inc 




Task 28 

Configure Cat-I such that whenever the switch learns or removes a MAC address on its 
port FO/18, an SNMP notification is generated and sent to the WIS located at 
192. 168. 1. 100. Since there are many users coming and going from the network, set up a 
trap interval time to bundle the notification traps and reduce network traffic using the 
following parameters: 

> The traps should be generated every 30 minutes. 

> Th e t r ap sh o u id con tai n a maximum o f 1 5 en tries. 
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This feature enables us to track users on a network by storing the Mae address 
activity on the snitch. Once configured, every time a MAC address is learned 
or removed an SVMP notification is generated and sent to the NEWS. On a very 
busy network when lots of users come and go, the default liehavior is that an 
SVMP trap is sent every second. Because this can consume bandwidth, there 
are two parameters that can be configured to remedy this situation and they 
are as follows: 

£■ Mac address-table notification interval — This value specifics the 
notification trap interval in seconds between each set of traps that arc 
generated to the WIS. Default value is one second, and the range is — 
2,147,483,647 seconds. 

'*> Mac address-table notification hi story- size — Specifics the maximum 

number of entries in the MAC notification history tabic. The default value is 
1 „ and the range is 1 — 500 entries. 

On Cat -I 

Cat-l(contig)f#Snmp-server host 192.168.1.100 traps private 

The above command identifies the VMS 

Cat-](config)#Snmp-ser\er enable traps mac-notification 

This command enables SNMP traps mac-notification 

Cat- l(config)#M a c- address- table notification 

The above command enables the mac address-table notification on the switch 

Cat-l('coniig')#M a c- address- table notification interval 1800 

This command sets the interval 

Cut- Ii conl:g)-Mae-address-table notification history-size 150 

This command sets the historv-size 

Cat.l(conlig)#IntfU/18 

Cat-l(conng-if)r*Snmp trap mac-notification added 

To enable the MAC notification trap whenever a MAC address is added 



CCIE R&i* bv Narbik Kuchariami 



Advanced CCIE R&S Work Book 2.0 

C 2009 Vtrbik Kucha rkni. All rijhU reerved 



Page 162 of 1068 



Cat-l(config-if)#Snmp trap mac-notification removed 

To enable the MAC notification trap whenever a MAC address is removed 

To verify the configuration: 

On Cat-1 

Cat- l#Show mae-addrcss-t able notification interface rT)-' 1 8 

MAC Notification Feature is Enabled on the switch 

Interface MAC Added Trap MAC Removed Trap 

FastEthcrnctOiS Enabled Enabled 

Cat- lwShow mac -address-table notification 

MAC Notification Feature is Enabled on the switch 

Interval between Notification Traps : 1800 sees 

Number of MAC Addresses Added : 

Number of MAC Addresses Removed : 

Number of Notifications sent to NMS : 

Maximum Number of entries configured in History Table : 150 

Current History Table Length : 

MAC Notification Traps arc Enabled 

History Table contents 



Task 29 

You received another request from your IT department to keep track of all the MAC 
addresses that arc learned byCat-2 port F0 18. The switch must use the NMS located at 
192. 168. 1. 1 .'24. configure the switch to handle this request. You should use an IP 
address of 2.2.2.2 8 to accomplish this task. 
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On Cat-2 

Cat-2(config)#Snmp-server host 192.168.1.1 trap private 
%IP_SNMP-3-SOCKET: can't open LDP socket 

Unable to open socket on port 161 

Note since this switch is not configured with an IF address, it will fail to 
configure the Snrnp server. Therefore, an IP address should be configured 
before entering the "snrnp- server" command as follows: 

Cat-2(config)#IntloO 
Cat-2(config-ii>lp addr 22.2.2 255.0.0.0 

To setup the Snmp- Server: 

Cat-2(config)#snmp-ser\er host 192.168.1.1 trap private 

Configures the switch to send mac-address traps to the N.MS: 

Cat-2(contig)#snm.p-server enable traps mac-notification 

To enable MAC-address notification: 

Cat-2( coring )"mae-ad dress -table notification 

Cat-2i;conng)#IntcrfGT8 

Cat-2(config-ifVsnmp trap mac-notification added 

The above command enables the SNMP trap on interface FoVlS and configures 
the switch to send MAC notification traps whenever a MAC-address is added. 
If the switch must be configured to report the MAC addresses that are learnt 
and expired, then "snmp trap inac-notificalion re nun ed " com man d musl also 
be configured. 

To verify the configuration: 

On Cat-2 

Cat-2#Show mac -address-table notification interface fO 1 8 

MAC Notification Feature is Enabled on the switch 
Interface MAC Added Trap MAC Removed Trap 

Fast E t h cm ct 0. ' 18 E na b I ed D is ab led 
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Note if the "snmp trap mac-notification removed" command was also entered 
for FwVlS interface, under the "MAC removed Trap" column you will also see 
as "Enabled". 

Cat -2- Show m ac -add rcss-t able notification 

MAC Notification Feature is Enabled on the switch 

Interval between Notification Traps : 1 sees 

Number of MAC Addresses Added : 

Number of MAC Addresses Removed : 

Number of'Notifications sent to NMS : 

Maximum Number of entries configured in History Table : 1 

Current History Tabic Length : 

MAC Notification Traps are Enabled 

History Table contents 








Task 30 

Shut down the following ports: 

The ports that connects Cat- 3 to Cat -4 

On Cat-I and Cat -2 FO/23-24 and FQ'2 1 -22 








On Cat-I 

Cat- 1 (con%)#int range FO/2 1 -24 
Cat- 1 ( con fig- if-rangc)# shut 

On Cat-2 

Cat-2(coniig)#intcrfacc range FO/2 1-24 
Cat-2(config-if-range)#Shut 

On Cat-3 

Cat-3(config)#Intcr range FQ'2 1-24 
C at- 3( co n tig- i t-rangc)#S hu t 

On Cat -4 

Cat-4(config)#lnt range FO/2 I -24 




cc 
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Task 3 1 

Establish a trunk using an industry solution between Cat-1 and Cat-2 using ports FQi 9- 

20; to STP these two ports should appear as one. 

The ports on Cat-! should be in passive negotiation state in which it should ONLY 

respond to PAgP packets. 

Cat-2 should be eon figured appropriately. 



PAgP is a Cisco proprietary protocol that can be used! to automatically create 
Ethei Channe h by exchanging PAgP packets between Ethernet polls. PAgP has two 
modes of operation: 

Auto: 71 .r mode places the port's into a passive negotiation state, in which the ports 
ONLY respond to PAgP packets that they receive. Ports in this mode WILL NOT start 
PAgP packet negotiation, which minimizes the transmission of PAgP packets. If both 
ends of a given link arc configured in AUTO mode, they will NOT negotiate a trunk. 

Desirable: this mode places the port's into an active negotiation state, in which the potts 
start negotiation by sending PAgP packets., Desirable mode will negotiate a trunk with 
another port configured in cither AUTO or DESIRABLE mode. 

On Cat-1 



Cat- ](config)#int range fll'I 9-20 



Cat- l(contig-il 
Cat-l(config-ii 
Cat-1 (config-if 

On Cat-2 



rangc)#swi trunk encap dot I q 
rangc)#swi mode trunk 
range)#channcl-group 1 mode auto 



Cat-2(config)#int range fl)/l 9-20 
Cat-2(config-if-range)#swi trunk encap dotlq 
Cat-2(contig-if-rangc)^swi mode trunk 
Cat-2(contig-if-rangc)#chanricl-group I mode desirable 

To verify the confte uratiun: 

On Cat-1 
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Cat- I#Sh int trunk 

Port Mode Encapsulation Status Native vlan 

Pol on 802. lq trunking I 

(The output is modified to only shows the Port Chan net/ 

Cat- InShow pagp neighbor 

Flags: S - Device is sending Slow hello. C - Device is in Consistent state. 
A - Device is in Auto mode. P - Device learns on physical port. 

Channel group 1 neighbors 

Partner Partner Partner Partner Group 

Port Name Device ID Port Age Flags Cap. 

FaO.'ia Cat -2 QO19.2f9O.aeQ0 Fa0.19 1 7s SC 1000! 

)/20 Cat-2 00I9.2t90.ae00 Fa0/20 10s SC 10001 



Cat- If* Show cthcrchanncl 1 summary 

Flags: D - down P - in port -channel 

I ■ stand-alone s ■ suspended 

H - Hot-standby (LACP only) 

R - Laycr3 S - Laycr2 

L' - in use f- tailed to allocate aggregator 

u - unsuitable tor bundling 

w ■ waiting to be aggregated 

d - default port 

Number of channel-groups in usee 1 
Number of aggregators: 1 

Group Port-channel Protocol Ports 

■- - -- 

I Pol(SL') PAgP FaO,']9i;P) Fa0/2O(P) 



Task 32 

Configure the EthcrChannel from the previous step such that packets sent to the same 
MAC address will use the same port. 
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Ether Channel load balancing can foe configured in one of the following methods: 

Source MAC address forwarding: 

In this method, when the packets arc sent to the EthcrChanncI they arc distributed across 
the ports in the channel based on the source MAC address of the incoming packets. Asa 
result oft hat,, packets from different hosts use different ports. 

Pes! hi a (ion MAC" address I'orw ardin^: 

In this method., when the packets arc sent to the EthcrChanncI they arc distributed across 
the ports in the channel based on the destination host's MAC address., as a result of that, 
packets to the same destination, arc forwarded out of the same port. 

Source and Destination MAC address forwarding: 

In this method, when the packets arc sent to the EthcrChanncI they arc distributed across 
the ports in the channel based on the both source and destination MAC address, as a 
result of that, packets from a given host to a given destination will use the same port. 

Source IP address based forwarding: 

In this method, when the packets arc sent to the EthcrChanncI they arc distributed across 
the ports in the channel based on the source IP address of the incoming packet. As a 
result of that, packets with different source IP address will use different port. 

Res! in a lion IV address based forwarding: 

In this method, when the packets arc sent to the EthcrChanncI they arc distributed across 
the ports in the channel based on the destination IP address of the incoming packet, as a 
result of that, packets to the same destination will use the same port. 

Source and Destination IP address based forwarding: 

In this method, when the packets arc sent to the EthcrChanncI they arc distributed across 
the ports in the channel based on the source and destination IP addresses. Asa result of 
that, packets from a given IP source to a specific IP destination will use the same port. 

On Both Switches: 

(config.^Port-channel load-balance dst-mac 

To verify the cont'iauration: 

On Cat- 1 

Cat- lftShow cthcrchanncl load -balance 

EthcrChanncI Load- Balancing Operational State (dst-mac): 
Non-IP: Destination MAC address 
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IPv4: Destination MAC address 
IPv6: Destination IP address 



Task 33 

Configure a layer 3 EthcrChanncl using ports FO/21 -22 connecting Cat-2 to Cat-4. These 

ports should NOT use any protocol's to negotiate an EthcrChanncl. L'sc the following IP 

addresses: 

Cat-2 - 1 0.1 .24.2 ,24 and Cat-4 - 1 0.1 .24.4 /24 



When configuring a layer 3 EtherChannels the port-channel interface should he 
titrated first and then, assigned to the physical port using the "Channel-group'" 

command. 

On Cat-2 

Cat-2(config)#int port -channel 24 
Cat- 2( co n fig- i f)#N O swi tc hpo rt 
Cat-2(config-if)#ip address 10. 1 24.2 255255.255.0 



Cat-2(config)#int range FO/21 -22 

range )#no switchport 
rangc)#channcl-group 24 mode on 
range)#NO shut 



Cat- 2( con fig- if 
Cat-2(config-if 
Cat-2(config-if 

On Cat-4 



Before configuring this switch for a layer 3 EtherChannel, remember that you must 
change the "SDM prefer VLAN", or else the I OS will NOT allow you to create a 
port -channel interface. 

Cat-4(config)sdm prefer routing 
Cat-4#reIoad 

After the switch is reloaded: 

Cat-4(config)#lnt port-channel 24 

C at-4(co n fig- i f)#N O swi 

Cat-4(config-if)#ip address 10.1.24.4 255.255.255.0 
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Cat-4(coni.g')#int range ft). '"2 1-22 
Cat-4(contig-if-range)#NO swi 
Cat-4(contig-if-rangc)#chanricl-gruup 24 mode on 
Cat-4(contig-if-range)#no shut 

Note in this case we must use the "Channel- group 24 mode ON'" command, the ON 
tells the switch NOT to use PAgP or LACP to negotiate the EtherChannel. With 
mode both ends of the links should be configured \>ith mode set to "ON". 

To test the configuration: 

On Cat-2 

Cat-2*Ping 10.1.24.4 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echosto 10.1.24.4, timeout is 2 seconds: 



Success rate is 80 percent £4/5), round-trip min.'avg'max= 1/1/1 ms 
To verit'v the configuration: 

Cat-2 

C"at-2~Sho\v cthcrchannel summary 

Flags: D - down P - in port -channel 
I - stand-alone s - suspended 
H - Hot-standby (LACP only) 
R - Layer 3 S - Laycr2 
L' - in use f - tailed to allocate aggregator 
u - unsuitable tor bundling 
W - waiting to be aggregated 
d - default port 

Number est' channel -groups in use: 2 
Number ot* aggregators: 2 

Group Port -channel Protocol Ports 

I Pol(SU) PAgP FaD/19(P) Fa0,'20(P"> 

24 Po24(RL") - FaO'21(P) FaO."22i;P) 

Note the letter "R'" to the right of the Po24 states that this is a layer 3 EtherChannel, 
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whereas, the letter "S'" to the right of the Pol, states that the link is. a layer 2 
E t he i Channel. 



Task 34 

Establish a trunk using Cisco proprietary solution between Cat -4 and Cat-3 using ports 
FQ' 19-20; to STP these two ports should appear as one. 

The ports on Cat-4 should he configured such that they start negotiation process by 
sending LACP packets. The ports on Cat-3- should NOT be configured the same 



LACP is an industry standard (IEEE 802.3ad| solution lor managing 
Ethei Channels between the switches. LACP offers t**o modes of operation: 

Active: In this mode the ports arc placed into an active negotiation state, in whic h the 
ports involved start negotiating with other ports by sending LACP packets. If both ends 
of a given link arc configured in Active or Passive mode,, the ports will negotiate an 
Ether Channel. 

Passive: In this mode the ports arc placed into a passive mode, in which the ports can 
ONLY respond to LACP packets that they receive. If both ends of a given link arc 
configured in Passive mode, the ports will NOT negotiate an EthcrChanncl, whereas,, an 
active mode configured on one side and Passive configured on the other the switches wil 
negotiate an EthcrChanncl link. 

On Cat-4 

Cat-4(config)#int range fiJ/1 9-20 
Cat-4(config-if-rangc)#swi trunk encap isl 
Cat-4(config-if-rangc)#swi mode trunk 
Cat-4(config-if-rangc)#channcl-group 34 mode active 
Cat-4(config-if-range)#no shut 

On Cat-3 

Cat- 3(00 n fig)#ir t range FO; 1 9 -2 
Cat-3(config-if-rangc)#5wi trunk encap isl 
Cat-3(config-if-range)#swi mode trunk 
Cat-3(config-if-range)#channcl-group 34 mode passive 
Cat-3(config-if-range)#!\0 shut 

To verify the configuration: 
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On Cat-3 

Cat-3#Sh int trunk 

Port Mode Encapsulation Status Native vlan 

Po34 on isl trunking 1 

Port Vlans allowed on trunk 
Po34 1-4094 

Port Vlans allowed and active in management domain 
Po34 I 

Port Vlans in spanning tree forwarding state and not pruned 
Po34 I 

Caj-3#Sh cthcrchanncl summ 

Flags: D - down P - in port -channel 

1 ■ stand-alone s ■ suspended 

H - Hot-standby (LACP only) 

R - Laycr3 S - Laycr2 

L* - in use f - tailed to allocate aggregator 

U - unsuitable for bundling 

w - waiting to be aggregated 

d - default port 
Number of channel-groups in use; 1 
Number of aggregators: 1 

Group Port -channel Protocol Ports 

34 Po34(SU) LACP FaO I9fP) Fau720(P) 



Task 35 

In the future you will be adding another 14 ports to this EthcrChanncl, ensure that port 
FO/19 of Cat-3 and Cat-4 will be one of the ports that will be in active state first and not 
standby. 



Before tiny changes art' made, the default parameters should he cheeked, as 
follows: 
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Cat-3#Sh laep 34 internal 

Flags: S - Device is requesting Slow LACPDL's 
F - Device is requesting Fast LACPDL's 
A - Device is in Active mode P - Device is in Passive mode 

Channel group 34 









LACP port 


Admin 


Opcr 


Port 


Port 


Port 


Flags 


Stale 


Priority 


Key 


Kcv 


Number 


State 


Fa0i9 


SP 


bndl 


32768 


0x22 


0x22 


OxF 


0x3C 


FaO/20 


SP 


bndl 


32768 


0x22 


0x22 


0x10 


0x3C 



When LACP is configured, it will try to use maximum number of ports in a 
given channel, up to a maximum of 16 ports. But only 8 ports can be active at 
any time, the additional ports are placed in a hot -stand by state, this decision is 
made by the system; if one of the active ports goes down, one of the hot- 
standby links nill become active. 
Every link has a unique priority which is made up of: 

> LACP system priority 

> System-ID (Which is a combination of LACP-Priority and switch MAC 
address) 

> LACP port priority 

> Port number 

Numerically lower value will always have a higher priority. 

This priority decides which ports should be place in hot-standby mode, and 

which ports should be in Active mode. 

On Both Switches 

(coniig)#intfTJ,T9 
(config-ir^lacp port -priority 1 

To verify the confitf oration: 

On Cat-3 

Cat-3#Sh lacp 34 internal 

Flags: S - Device is requesting Slow LACPDL's 
F - Device is requesting Fast LACPDL's 

A - Device is in Active mode P - Device is in Passive mode 
Channel group 34 
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LACP port 


Admin 


Opcr 


Port 


Port 


Port 


Flags 


Sl.LII.L- 


Priority 


Key 


Key 


Number 


State 


FaO/19 


SP 


bndl 


1 


0x22 


0x22 


OxF 


0x3C 


FaD/20 


SP 


hnJ. 


32 "68 


0x22 


0x22 


0x10 


Qx3C 



1 ask 36 

Configure a layer 3 EthcrChannel using ports F0 2 1 -22 connecting Cat- 1 to Cat- 3. These 

ports should use IEEE 802. ad to negotiate an EthcrChannel. Use the following IP 

addresses: 

Cat- 1 - 1 0.1.1 3.1 /24 and Cat-3 - 1 0.1 .1 3.3 24 



On Cat-1 






Cat- l(config)#int port -channel 13 

Cat-1 (con tig- il)r#no swi 

Cat- l(config-if)#ip addr 1 0. 1 . 13. 1 255 


.255.255.0 


Cat- l(config- 
Cat-I(config- 
Cat-l(config- 
Cat-l(config- 


i $tui range ftl 2 1-22 
if-rangc)#no swi 
i f-r ange )#C han nc 1-gro u p 
if-rangc)#\o shut 


1 3 mode passive 


On Cat-3 






Cat-3(coniig) 
Cat-3(config- 
Cat-3(config- 


"int port -channel 13 

if)#no swi 

il>ip address 10. 1 . 1 3.3 255255.255.0 


Cat-3(config- 
C at- 3( con fig- 
Cat -3( con fig- 
Cat -3( con tig- 


i f)#int range flX'2 1-22 
if-rangc)#no swi 
ii-rangc)nchanncl-group 
if-rangc)#no Shut 


13 mode active 


To vcrifv the configuration: 




On Cat-1 






Cat-l*P:na 10.1.13.3 
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Type escape sequence to abort. 

Sending 5, 100-bytelCMP Echosto 10.1.13.3, timeout is2 seconds: 

MM 

S lie e e ss ra te i s 8 pe r c e n t (4/5), round -trip m in.'avg.' max = 1 / 1 / 1 ms 



las k 37 

Erase the config.tcxt and vlan.dat tile and reload the switches before proceeding to the 
next task. 



On All Switches: 

Cat- l#pwd 

This command display the current working directory 

flash: 

^delete con fig, text 

Delete filename [config.tcxt]? 

Delete tlashrconfig.text? [confirm] 

#dclcte vlan.dat 

Delete filename [vlan.dat J? 

Delete flash: vlan.dat? [confirm] 

Cat-lffdir 
Dircctoryof Hash:/ 

4 -rwx 7252875 Mar 1 1993 00:03:37 -00:00 c3560-advipscrvicesk9-mz.l22-25.SEB4.bin 

5 drwx 192 Mar 1 1993 00:05:36-00:00 c3560-ipbasc-mz.122-25.SEB4 

15998976 bytes total f 173 1 072 bytes free) 



Task 38 

Configure a trunk between Cat- 1 and Cat-2 using ports F0. 1 9-20: use a Cisco proprietary 
t run king solution to accomplish this task. You should Shutdown ports F0/21-24 on both 
Cat-2 and Cat-2. 



CCIE R&*> by Narbik Kucharians Advanced CCIE R&S Work Book 2.0 Page 17SoflQ68 

E 2009 V«rl>ik Kucha rlim All rij|hU n-imtil 











On Both Switches: 

i;coniig')#int range til'' 19-20 
(config-if-rangc)#swi trunk encap isl 
( co niig- it-ran gc)#swi mode trunk 

( config)# int range FO/2 1 -24 
(config-if-rangc)#shut 






Task 39 

Configure Rl and R2 based on the following parameters and ensure that the following 
ports arc in VLAN 12: 

R 1 : s F0.-0 - 10. I.I 2.1 .24 and R2 1 s FQ-'l - 1 0.1 . 12.2 ,24 






On Rl 

Rl(config)#intiM) 

Rli;config-if)#ipaddr 10.1.12.1 255255.255.0 

R 1 (c o n fig- if )#no s hut 

On R2 

R2(config)#* int til/1 

R2(config-il>ip addr 10.1.122 255255.255.0 

R2iconfig-ii>\0 shut 

On Cat-1 

Cat-l(contig)TTvtp domain TST 

Cat-l(config)#int flli 

Cat- lfconlig-if^swi mode ace 

Cat- l(conlig-if)rrswiacc v 12 
Cat- 1 ( co n fig- if)#s panning portfast 

On Cat-2 
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Cat-2(config)#int ft) .2 
Cat-2(contig-if)#swi mode ace 
Cat-2(conlig-if)#swiacc v 12 
Cat-2(contig-if)#spanning port fast 

To test the configuration: 

On Rl 

Rjjgjmg 10. 1.12.2 

Type escape sequence to abort. 

Sending 5 r 100-bytc ICMP Echos to 10.1.12.2, timeout is 2 seconds: 



Suce ess rate is 8(1 percent (4/5), round -trip min/avg/max .= 1/1/4 ms 



las k 40 
Configure Cat- 1 such that it marks all traffic from Rl with an IP Precedence of 1. 



On Cat-1 

Cat- l(coniig)#rnls qos 

QOS should he enabled, if QOS is NOT enabled, the policy will NOT have any affect. 

Cat- l(config)#Ac cess- list 100 permit ip any any 

Cat- 1 (coniig)#c lass-map QOS 

Oat- 1 ( co nlig-c map )# match access-group 100 

Cat- l(contig-emap)npolicy-map TST 
Cat- 1 ( co n fig- p map )#c lass QOS 
Cat-l(config-pmap-c)#sct ip precedence 1 

Cat-l(conlig-pmap-c)#int ttl'l 
Cat-l(contig-il)r*service-policy input TST 

Note on 3560s there arc fen things tliat art' NO I' supported and they are 
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Sen' ice-policy is NOT supported on the Outbound direction, you should receive the 
Following message: 

Warning: Assigning a policy map to the output side of an interface not supported 

In the class-map the "input- interface" can NOT he used, if it is used you will get the 
following message when applying the ■■Service-policy'" to an interface: 

%Q»S: policy-map TSTwith MATCH INPUT-INTERFACE not allowed on non-SY I interface 
Service Policy attachment failed 

To verify the configuration: 



On Cat -I 

Cat- l#Sh class- map 

Class Map match-any class-default (id 0) 
Match any 

Class M ap match-all QOS (id 1) 
Match access-group 100 

Cat- l#Show access- list 

Extended IP access list 100 
10 permit ip any any 

Cat- l"Sho\v policy map 

Policy Map TST 
Class QOS 

set ip precedence 1 

To test the configuration: 

To test the configuration, an access-list should he created permitting each IP Precedence 
value with a log option. This is created so \*e can test different traffic marked with different 
IP Precedence levels generated by Rl. 

On R2 

R2(eonfig)#ae cess- list 100 permit ip any any Precedence log 
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R2(config)#acccss-list 100 permit ip any any Precedence 1 log 
R2(config)#acccss-list 100 permit ip any any Precedence 2 log 
R2(config)#access-list 100 permit ip any any Precedence 3 log 
R2iL'onfig)#acccss-list 100 permit ip any any Precedence 4 log 
R2(eonfig)#acccss-list 100 permit ip any any Precedence 5 log 
R2(config)#access-list 100 permit ip any any Precedence 6 log 
R2(t:onfig)#aeccss-list 100 permit ip any any Precedence 7 log 
R2(config)#acccss-list 100 permit ip any any log 

R2(config)#intt0/1 
R2(eonfig-if)#ip access-group 100 in 



To tfst tht' i-oniljjuration: 



Generate traffic from \i\ : 



On Rl 

Rl*Ping 10. 1.12.2 repeat 10 

Type escape sequence to abort. 

Sending 10, 100-bytc 1CMP Echosto 10.1.12.2, timeout is2 seconds: 

I M M II M I 

Success rate is 100 percent (10/10), round-trip min.'avg/max = 1/2/4 ms 
On R2 

R2r*Ship ace ess- list 100 

Extended IP access list 1 00 

1 permit ip any any precedence routine log 

20 permit ip any any precedence priority log (10 mutches} 

30 permit ip any any precedence immediate log 

40 permit ip any any precedence flash log 

50 permit ip any any precedence tl ash-override log 

60 permit ip any any precedence critical log 

70 permit ip any any precedence internet log 

80 permit ip any any precedence network log 

90 permit ip any any log 

Note the 10 ICMP packets matched IP Precedence 1. The reason that the packets inbound 
to Rl have preserved their marking is because theQOS on the second switch fCat-2) is 
disabled. If the "MLS QOS'" is disabled, the packets will traverse through thesxMteh x*ith 
their marking untouched. If the "MLS QOS** is enabled, the switch will remark all packets 



CCIE R&!s b\ Narbik kuirhariaiw Advanced COE R&S Work Book 2.11 Pqge 179oflQ68 

C 2009 Narbik Kucha rianx All rijjIiU rcirrvcil 



with IP Precedence of 0. To test this, the QOS of the second switch should he en a hied as 

follows: 

On Cat-2 

Cat- I(config)r*MIs qos 

To verify thi' configuration: 

On Cat-2 

Cat-2#Show mis qos 

QoS is enahled 

QoS ip packet dscp rewrite is enabled 

To generate some traffic on Rl: . .. Note 10 pings are initiated 

Rl*Ping 10. 1.12.2 repeat 10 

Type escape sequence to abort. 

Sending 15. 100-bytc ICMP Eehosto 10.1.12.2, timeout is 2 seconds: 

MII1IMM 

Success rate is 100 percent (10/ 10), round-trip min.'avg/max = 1/1/4 ms 
To verify the configuration: 

On R2 

R2^Sh access-list 

Extended IP access list 100 

10 permit ip any any precedence routine log (10 matches) 

20 permit ip any any precedence priority log (1 matches) 

30 permit ip any any precedence immediate log 

40 permit ip any any precedence flash log 

50 permit ip any any precedence flash-override log 

60 permit ip any any precedence critical log 

70 permit ip any any precedence internet log 

SO permit ip any any precedence network log 

90 permit ip any any log 

Note uIil'ii Ira flic from Rl traversed through Cat-1. Cat-1 remarked the traffic xsith IP 
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Precedence of 1, but because QOS was enabled on another snitch a I out! the path to R2, in 
this case Cat-2, \>hen the traffic traversed that snitch, the snitch remarked the traffic back 
to zero. 



Task 41 

Ensure that the traffic from Rl retains its Precedence level; DC) NOT disable QOS on 
Cat-2. 



On Cat-2 

Cat-2(config)#int range ffl/1 9-20 
Cat-2(coniig-if-rangc)#mls qos trust ip-precedence 

The above command shows how to set the trusted state of an interface to IP 
precedence 

To test the configuration: 
On R2 

R2#CIcar access-list counters 
On RI 



RlgPing 10. 1.12.2 repeat 25 

Type escape sequence to abort, 

Sending 25, 100-hytc ICMP Echos to 10. 1. 12.2, timeout is 2 seconds: 



!ll!1IMM!tll!llM!l!MI 



Success rate is 100 percent (25/25), round-trip min.'avg/max = 1/1/4 ms 
On R2 

R2n=Sh access-list 

Extended IP access list 1 00 

1 permit ip any any precedence routine log 

20 permit ip any any precedence priority log (25 matches) 

30 permit ip any any precedence immediate log 
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40 permit ip any any precedence flash log 

50 permit ip any any precedence flash-override log 

60 permit ip any any precedence critical log 

70 permit ip any any precedence internet log 

SO permit ip any any precedence network log 

90 permit ip any any log 

Note the IP Precedence level is retained. 






Task 42 

Configure R3 and R4 in VLAN 34 and R5 and R6 in VLAX 56; use the following IP 
addresses to configure these routers. 

R3's F0.-0 - 10. 1 .34.3 ,24 and R4's F0 1 - 1 0.1.34.4 .'24 
R5's F0/0 - 10. 1 .56.5 .'24 and R6's F0 1 - 1 0. 1 .56.6 .'24 

You should provide Inter- VLAX routing between these two VLAXs, and Vlan 12, use 
the following IP addresses as their default gateway: 
For Man 12- 10.1.12.100/24 
For Man 34- 10.1.34.100.24 
For Vlan 56 -10.1.56.100 24 






On R3 

R3(config)#int fiTO 

R3(config-if)#ip addr 10. 1 .34.3 255.255.255.0 

R3(config-if)rrno shut 

On R4 

R4(config)#intfl)/l 

R4(config-it>ip address 1 0. 1 .34.4 255.255.255.0 

R4(config-if)r#no shut 

On R5 

R5(config)#in1 tfl'O 

R5iconfig-il>ip addr 10.1.56.5 "^55.255.^55.0 

R5fconfig-if)r#no shut 




cc 
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On K6 

R6(config)#intffl,'l 

R6(config-ii>ip address 10.1.56.6 255.255.255.0 

R6 icon fig- if)#no shut 

On Cat- 1 



Cat- l(config)#int IDG 
Cat- 1( con fig- if)rrS witch port mode access 
Cat- l(config-if)#s witch port access vlan 34 
Cat- 1 (con fig- if)#s panning portfast 

Cat-l(config)#int fl)/5 
Cat-l(config-if)rrSwitehport mode access 
Cat- l(config-if)#switchport access v'ian 56 
Cat- l(config-if)#spanning portfast 

On Cat-2 

Cat-2(config)#int fl)/4 
Cat-2(config-if)#swi mode access 
Cat-2(config-if)rrswi access vlan 34 
Cat - 2( con fig- ilVs panning portfast 

Cat-2(config)#int fll''6 
Cat-2(config-ift#swi mode access 
C at -2( con fig- if)rrswi access vlan 56 
Cat-2(config-if)#spanning portfast 

To provide Inter-Vlan routing: 

On Cat-2 

Cat-2(config)#]p routing 

Cat-2(config)#int vlan 1.2 

Cat.2i;config.ii)#ip address 10. 1.12.100 255.255.255.0 

Cat-2i;config)#intvlan 34 

Cat-2(config.if)#ip addr 10.1.34.100 255.255.255.0 

Cat-2(config)#int vlan 56 

Cat-2i;config-if^ip addr 1 0. 1 .56. 1 00 255. 255. 255.0 
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On Rl and R2 

(OCHifig)#ip route 0.0.0.0 0.0.0.0 1 0. 1.11 100 
On R3and R4 

(coniig)# ip route .0. 0. 0.0 .0.0 1 0. 1 . 34. 1 00 

On R5 and R6 

(coniig)#ip route 0.0.0.0 0.0.0.0 1 0. 1.56. 100 

To test the configuration: 

On Rl 

Rl*Ping 10.1.34.3 

Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echo s to 10.1.34.3, timeout is 2 seconds: 

MM 

Success rate is 80 percent (4/5), round -trip min/avg/max = 1/1/4 ms 
Rl»Ping 10.1.34.4 

TypB escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 10. 1.34.4. timeout is 2 seconds: 

MM 

Success rate is SO percent (4/5), round-trip min/avg/max = 1/1/4 ms 

RlflPing 10.1.56.5 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 10.1.56.5, timeout is 2 seconds: 

Success rate is 100 percent (5/5), round-trip min/avg'max = 1/1/4 ms 

Rl*Pin» 10.1.56.6 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 10.1.56.6, timeout is 2 seconds: 

( (I M 

Success rate is 100 percent (5/5), round-trip min/avg'max = 1/2/4 ms 
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las k 43 

Ensure that the traffic in VLAX 12 is marked with Precedence 3 and the traffic in VLAN 
34 is marked with Precedence 4. All other traffic should be set to Precedence 0. 



To configure this task, t\>o Class-maps are created, one is called VLAN- 12 and the 
second one is called VLAN-34, then, two policy-maps are created, one called VLAN- 12 
and the second one is called VLAN-34, then, the poliewnap VLAN- 12 is applied to 
interface Man 12 and policy-map VLAN-34 is applied to interlace vlan 34, lastly, the 
"mis qos vlan-hased"' command is applied to the physical interlaces in the trunk. 

On Cat-2 

C at -2(config)#ac cess- list 100 permit ip any any 

Cat-2(config)#c lass- map VLAN- 1 2 
Cat-2(config-cmap)#match access-group 100 

Cat-2(config)#Policy-rniap VLAX- 1 2 
Cat-2(coniig-pmap)k:iass VLAX- 1 2 
Cat-2(conng-pmap-c)T*sct ip precedence 3 

Cat-2(config)#C lass-map VLAX- 34 
Cat-2(confjg-cmap)#match access-group 100 

Cat-2(config)#Poliey-rniap VLAN-34 
Cat- 2( con fig- p map )#C lass VLAN-34 
Cat-2(config-pmap-c)T*sct ip precedence 4 

Cat-2(config)#intcriacc Vlan 12 
Cat-2(config-if)#scrvicc-polk:y in VLAX- 1 2 

Cat-2(config)#intcriacc vlan 34 
Cat-2(config-il')r#scmcc-polk:y in VLAN-34 

Cat- 2( co nfig)#int range fO/1 9-20 
Cat-2(config-if-range)rrroils qos vlan-bascd 
In test the configuration: 

On R2 

R2" Clear ace ess- list counters 
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This command is entered to clear the counters on configured access-list 

On kl 

ftlfgrag 10. 1.12.2 repeat 12 

Type escape sequence to abort. 

Sending 12, 100-byte 1CMP Echosto 10.1.12.2, timeout is 2 seconds: 

f M M II M M I 

Success rate is 100 percent (12/ 12), round-trip min.'avg/max = 1/2/4 ms 

The above Ping is repeated 12 times so it could be identified as traffic coming from 
VLAN 12 

On K3 

R3#Ping 10.1.12.2 repeat 34 

Type escape sequence to abort. 

Sending 34, 1 00-bytc 1CMP Eehos to 1 0. 1. 12.2, timeout is 2 seconds: 



IIIIIIIIIIMIIIIIIIIIIIIIIIIIIIIII 



Success rate is 100 percent (34/34), round-trip min.'avg/max = 1/2/4 ms 

The above Ping is repeated 34 times so it could be identified as traffic coming from 
VLAN 34 

On R5 

R5*Ping 10.1.12.2 repeat 56 

Type escape sequence to abort. 

Sending 56, 1 00-bytc 1CMP Echosto 10.1.12.2, timeout is 2 seconds: 

HHll!IUI1IHHMHUHI11IIMIHlHimHIIHHniUI 

Success rate is 100 percent (56/56), round-trip min.'avg/max = 1/1/4 ms 

The above Ping is repeated 56 times so it could be identified as traffic coming from 
VLAN 56 



To verify the configuration: 



On R2 
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R2*Sh access-list 



Untagged traffic (VLAN 5ft) 

I 



Extended IP access list 1 00 

10 permit ip any any precedence routine lot; (56 matches) 

20 permit ip any any precedence priority log 

30 permit ip any any precedence immediate log 

40 permit ip any any precedence Hash lot; (12 matches) 



50 permit ip any any precedence flash -overridt 

60 permit ip any any precedence critical log 
70 permit ip any any precedence internet log 
SO permit ip any any precedence network log 
90 permit ip any any log 

Traffic from VLAN 34 tagged \tith IP Precedence 4 

Traffic from VLAN 12 tagged with IP Precedence 3 



log (34 matches) 



Task 44 

Erase the config.tcxt and VI an .d at and reload the switches before proceeding to the next 
lab. 
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Lab 5 - Advanced Spanning-trcc protocol 

Configuration 



FQ/19-20 








Tl 




S 




N> 




•^ 




ha 




kl 



FO/19-20 



Task I 



Shut down all ports except ports FO I 9-22 on all switches. 



On All Switches: 




(coniig)#]ntcdacc range FO/l-18 , FO/23-24 


(eonfig-it-rangc)#Shutdown 




I o vcrifv the confiauration: 




On All Switch: 




Port Name Status VI an 


Duplex Speed Type 


FaO.T disabled I 


auto auto 10 100BaseTX 


FaO/2 disabled 1 


auto auto 10 100BaseTX 
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FaO 3 disabled I auto auto 10" 100BaseTX 








FaO/4 disabled 1 auto auto 1 0. 1 OOBascTX 








FaO/5 disabled i auto auto 10 100BaseTX 








FaO/6 disabled 1 auto auto 10 100BaseTX 








FaO/7 disabled 1 auto auto 1 1 OOBascTX 








FaO/8 disabled i auto auto 10 100BaseTX 








FaO/9 disabled 1 auto auto 10/1 OOBascTX 








FaO/ 10 disabled 1 auto auto 1 100BaseTX 








FaO/ 11 disabled 1 auto auto 10,' 100BaseTX 








Fa0/12 disabled i auto auto 1 1 OOBascTX 








FaO/ 13 disabled 1 auto auto 1 100BaseTX 








Fa0T4 disabled 1 auto auto 10 100BaseTX 








FaO/ 15 disabled I auto auto 1 0/1 OOBascTX 








FaO/ 16 disabled 1 auto auto 1 '100BaseTX 








FaO,' 17 disabled 1 auto auto 1 100BaseTX 








FaO/ 18 disabled i auto auto 10 100BaseTX 








FaO/19 connected 1 a-full a-100 M/lflOBaseTX 








FaO/ 20 connected 1 a-full a-1 00 10/ 100BaseTX 








FaO 21 connected trunk a-full a-100 10/ 100BaseTX 








FaO/22 connected trunk a-full a-100 10 100BaseTX 








FaO 23 disabled 1 auto auto 10/1 OOBascTX 








FaO '24 disabled 1 auto auto 10/ 100BaseTX 






Task 2 




Configure ports FOT 9-20 between SW-1 and SW2. and between SW-3 and SW-4 as two 


trunk ports: you should use an industry standard protocol to accomplish this 


task. These 


ports should never become an access port through negotiation. 






On SW'-l andSW-2 








(eonfig)#int range fl]/ 19-20 








( co nfig- it-ran gc)# Switch trunk encap dot! q 








(config-it-range)f*Switch mode trunk 








To verify the conilmmttion: 








On SW-1 








SW-l#Sbow int taink 
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Port Mode Encapsulation Status 
FaO/19 on 802. lq trunking 
FaO/20 on 802. lq trunk ing 
( The rest of the output is omitted) 


Native vlan 

1 
I 


On SW-2 




SW-2#Show int taink 




Port Mode Encapsulation Status 
FaO/19 on 802. lq trunking 
FaO/20 on 802. lq trunking 
t The rest of the output is omitted) 


Native vlan 

1 
1 


On SW-3 and SW-4 




(coniig^int range ti)/ 19 -20 

( co nfig- it-ran ge)# Switch trunk encap dot 1 q 

( co niig- it-ran ge)#Switch mode trunk 




To verify the configuration: 




On SW-3 




S\V-3#Show int tain k 




Port Mode Encapsulation Status 
FaO/19 on 802. lq trunking 
Pa0/20 on 802. lq trunking 
i The rest of the output is omitted) 


Native vlan 

1 
I 


On S\\ -4 




S\V-4#Sho\v int taink 




Port Mode Encapsulation Status 
FaO/19 on 802. lq trunking 
FaO 20 on 802. lq trunking 
i The rest of the output is omitted) 


Native vlan 

1 
I 
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Task 3 

Con 1: guru ports FO 1 1 -11 between SVY-2 and SVY4. and between SW-I and SW-3 lis two 
trunk ports: you should use an industry standard protocol to accomplish this task. These 
ports should never become an access port through negotiation. 



On SW-2 and SW -4 

(coniig)#int range til'2 1 -22 
feonJig-if-rangc)nSw r iteh trunk encap dot I q 
( con Jig- it-ran gc)# Switch mode trunk 

To vcrifv the configuration: 



On S\\ 


-4 










S\V-4r*Show int trun 


k 






Port Mode 
Fuij 19 on 
FaO/20 on 
FaD/21 on 
FaO/22 on 
i The rest of the < 


nttp 


Encapsulation 
802. 1 q 
802. lq 
802.1q 
802. lq 
ut is omitted) 


Status 

trunking 

trunking 

trunking 

trunking 


Native vlan 

1 
I 
1 
1 


On S\\ 


-2 










SW-2#Sk>w inttrun 


k 






Port 
FaO/19 
FaO/20 
FaO 2 1 
FaO 22 


Mode 

on 
on 

on 
on 




Encapsulation 
802. lq 
802.1q 
802.1q 
802.1q 


Status 
trunking 

trunking 
trunking 
trunking 


Native vlan 

1 
1 

1 
1 



(The rest of the output is omitted) 
On SW-1 and SW-3 

(eonJigHrrint range tf)/2 1 -22 
(config-if-rang!c)#Switch trunk encap dot 1 q 
fconJig-ii-range)#Sw'itch mode trunk 



To verify the configuration: 
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On SW-I 










SW-l#Show inttrun 


k 






Port Mode 




Encapsulation 


Status 


Native vlan 


FaD/19 on 




802. 1 q 


trunk'.nt: 


I 


FaO/20 on 




802.1q 


trunking 


1 


FaO/21 on 




802. lq 


trunking 


1 


FaO/22 on 




802. lq 


trunking 


1 


(The rest oj the t 


nitp 


Mf is omitted) 






On SW-3 










SW-3#Sk>w int trun 


k 






Port Mode 




Encapsulation 


Status 


Native vlan 


FaO/19 on 




802. lq 


trunking 


1 


FaO/20 on 




8Q2.1q 


trunking 


1 


FaO/21 on 




802.1q 


trunking 


I 


FaO/22 on 




802. lq 


trunking 


1 


rT/ic resrf of the t 


nttp 


m? i.v omittedf 







Task 4 

These switches should be configured in a VTP domain called "CCIE' 



On SW-I 

(config)#vtp domain CCIE 

This configuration will he propagated via VTP to the other switches. 

To vL'fit'y the configuration: 



On SW-3 

S W-3#Sriow vtp status I inc VTP Domain Name 
V TP D o mai n N amc : C C 1 E 
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Note the domain name is propagated In \TP 



Task 5 

Create the following VLANs and ensure that they arc propagated to all four switches: 
100.2 . 30 . 40 . 5 and 600 



On SW-I 








S\Y.l(coniig)#vlan 100,: 


100,: 


00,400,500,600 


S W- l(contig-vlan)#cxit 






To verify the configuration: 


On SW-1 








SW- l#Sh vlan br 


exc unsup 




VLAN Name 






Status Ports 


1 default 






active Fat), 1 , FaO, 2, FaO.. 3, FaO/4 
FaO/5, FaO/6, FaO/7, FaO/8 
F afl/9 , FaO/ 1 , FaO/ 1 1 s FaO/ 1 2 
FaO/ 13, Fa07'14. FaO :'15. FaO/ 16 
FaO/ 17, FaO. 18, FaO. 23, FaO/24 
G«li,GiO/2 


100 VLAN0100 






active 


200 VLAN0200 






active 


300 VLAN0300 






active 


400 VLAN0400 






active 


500 VLAN0500 






active 


600 VLAN0600 






active 


On SW -4 








SW-4#Sh vlan br 


exc unsup 




VLAN Name 






Status Ports 


1 default 






active FaO 1 , Fa0/2, FaO/3, FaO/4 
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FaO/5, FaO/6, FaO/7 s FaO/8 




FaQ/9, FaO/10, FaO/ii s FaO 12 




FaO/ 1 3, FaO/ 1 4, FaO/ 1 5, FaO/ 1 6 




Fa0/17 ; Fa0/18 s FaD/23, FaD/24 




GiO/],GiO 2 


100 VLAN0100 


active 


200 VLAN0200 


active 


300 VLAN0300 


active 


400 VLAN0400 


active 


500 VLAN0500 


active 


600 VLAN0600 


active 



Task 6 

Ensure that SW-1 is the root bridge for VLAN 100, SW-2 is the root bridge for VLAN 
20 0, SW-3 is the root bridge for VLAN 300 and SW-4 is the root bridge for VLAN 400. 
You should use a macro to accomplish this task. 



On SW-1 

S W- 1( con tig )#sp arming- tree vlan 100 root primary 

On SW-2 

S W- 2( co niigJrrS panning- tree vlan 200 nx.it primary 

On SW-3 

SW-3(coniig)#S panning- tree vlan 300 nx.it primary 

On SW -4 

SW-4(coniig)#Spanning-trcc vlan 400 root primary 

To verify the configuration: 

On SW-1 

SW-l»Sh spanning -tree \'LAN 100 
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VLAX0100 




Spanning tree enabled protocol iccc 




Root ID Priority 24676 




Address O0ib.2bB5.Oe00 




This bridge is the root 




Hello Time 2 sec Max Age 2G 


sec Forward Delay 1 5 sec 


Bridge ID Priority 24676 (priority 24576 sys-id-cxt 100) 


Address (HHb.2be5.0e00 




Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec 


Aging Time 15 




Interlace Role Sts Cost Prio.Nbr 


Type 


FaO/19 Dcsg FWD 19 128.21 


P2p 


Fa0/20 Dcsg FWD 19 128.22 


P2p 


Fa0/21 Dcsg FWD 19 128.23 


P2p 


FaD/22 Dcsg FWD 19 128.24 


P2p 


On SW -2 




SW-2*Sh spanmng-tree VLAN 200 




VLAN0200 




Spanning tree enabled protocol iccc 




Root ID Priority 24776 




Address 00lc.575f.fd00 ^ 




This bridge is the mot 




Hello Time 2 sec Max Age 20 


sec Forward-Delay 15 sec 


Bridge ID Priority 24776 (priority 245 TjLsys-itNcxt 200) 


Address 001e.575f.fd00 *"~~ 




Hello Time 2 sec Max Age 20 


sec Forward Delay 1 5 sec 


Aging Time 15 




Interlace Role Sts Cost Prio.Nbr 


Type 


FaO/19 Dcsg FWD 19 128.21 


P2p 


FaO/20 Dcsg FWD 19 128.22 


P2p 


Fa0/21 Dcsg FWD 19 128.23 


P2p 


FaD/22 Dcsg FWD 19 128.24 


P2p 


On SW -3 
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SW-3#Sli 


spanning -tree VLAN 300 


VLAN03 


)0 


Spanning tree enabled protocol icce 


Root ID 


Priority 24876 




Address (HP0d.6sen.3l80 *"" \ote this matches the MAC ol this 




This bridge is the root Switch 




Hclk) Time 2 sec Max Age 20 sec Forward Delay 15 sec 


Bridge ID Priority 24876 (priority 24576 sys-id-cxt 300) 




iHrJmr. hltlkrl fi^r-i 1.1 Hfl 4 




Hclk) Time 2 sec Max Age 20 sec Forward Delay 1 5 sec 




Aging Time 15 


Interface 


Role Sts Cost Prio.Nbr Type 


FaO/19 


Dcsg FWD 19 128.21 P2p 


FaO 20 


Dcsg FWD 19 128.22 P2p 


Fa0,'21 


Dcsg FWD 19 128.23 P2p 


FaO/22 


Dcsg FWD 19 128.24 P2p 


On SW- 


4 


SW-4*Sh 


spanning- tree VLAN 400 


VLAN0400 


Spannin 


2 tree enabled protocol icce 


Root ID 


Priority 24976 




Address (P00d.65cl.9200^^ 




This bridge is the root """ -»*^^ 




Hello Time 2 sec Max Age 20 sec Forward Detey-4-5_^cc 


B ridge I D P rio r ity 24 9 7 6 ( p rio ri ty 24 5 7 6_ sys*id-cxT4TJ (f) 




Address OOOd. 65c 1.9200 *^ 




Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec 




Aging Time 300 


Interface 


Rol' Sts Cost Pr.o.Nbr Type 


FaO 1 9 


Dcsg FWD 19 128.21 P2p 


FaO/20 


Dcsg FWD 19 128.22 P2p 


FaD/21 


Dcsg FWD 19 128.23 P2p 


Fa0.22 


Dcsg FWD 19 128.24 P2p 
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Task 7 

Implement the following policy: 

1 . V L AN" 1 00 sho u Id never traverse S W-4 

2. VLAN 200 should never traverse SW-3 

3. VLAN" 300 Should never traverse SW-2 

4. VLAN" 400 should never traverse SVV-1 



'I'he first 1'oltev 
On SW-2 

S\V-2(config)#int range 10/21-22 
S\V-2(config-if-rangc)#switchport trunk allowed vlan except 100 

On SW-3 

SW-3(config)#int range ffiT 9-20 
S\V-3(contig-ii-rangc)#-switchport taink allowed vlan except 100 

On SW-4 

SW-4(conf.g)#int range fQ- 1 9-22 
S\V-4(config-if-rarigc)#s\vitchport taink allowed vlan except 100 

To vL-rifv thL- i-onfiauration: 



On SW 


_2 


SW-2#Sli 


int trunk 


Port 


Mode 


FaO.. 1 9 


on 


FaO/20 


o n 


FaO 2 1 


i.i n 


FaO 22 


on 



Encapsulation Status Native vlan 

802. lq trunk ing I 

802. I q trunk ing 1 

802. 1 q trunking 1 

802. lq trunking 1 

Port Vlans alb wed on trunk 

FaO 19 1-4094 

Fa0/20 1-4094 

FaO/21 l-99 s l 1-4094 <^_^- Note VLAN 1 00 is NOT allowed on the 

FaO/22 1-99,101-4094 * trunk 
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Port 
Fat): 19 
Fafl/20 

Fail 1 1 
FaO 22 



Vlans allowed and active in management domain 
1,100,200,300,400,500,600 
1,100,200300,400,500,600 
1,200,300,400,500,600 
1,200,300,400,500,600 



Port Vlans in spanning tree forwarding state and not pruned 
FaO 19 LI 00,200,40 0,50 0,600 
Fa0/20 1,200,400,500,600 
Fa0/2 1 1 ,2 00 ,3 ,40 0,50 0, 60 

Port Vlans in spanning tree forwarding state and not pruned 
FaO/ 22 200 

On SVV-3 

SVy-3*Showinttmnk 

Port Mode Encapsulation Status Native vlan 

FaO/ 19 on 802. lq trim king I 

FaO/20 on 802. lq tmnking I 

FaO/21 on 802. lq tmnking 1 

FaO/22 on 802. lq tmnking 1 



Port Vlans allowed on trunk 
FaO/ 19 1-99,1 01-4094 «- 
FaO/ 20 1-99,101-4094 
FaO '21 1-4094 
FaO/22 1 -4094 



Note VLAN 100 is NOT allowed on the 
trunk 



Port Vlans allowed and active in management domain 
FaO 1 9 1 ,200,300,400,500,600 
FaO 20 1,200,300,400,500,600 
FaO/ 2 1 1, 1 00 ,2 ,30 0,40 0, 50 , 60 
FaO 2 1 1 , 1 ,2 ,30 0,40 0, 50 , 60 

Port Vlans in spanning tree forwarding state and not pruned 

FaO. 19 1200,300,400,500,600 

FaO/ 20 300 

FaO/21 1,100,300,400,500,600 

Port Vlans in spanning tree forwarding state and not pruned 
FaO/22 1,300,400,500,600 
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On SW-4 








SW-4#Sha int tmnk 








Port Mode Encapsulation Status Native vlan 
FaO/19 on 802. lq tainking I 
FaO/20 on 802. lq blinking 1 
FaO/21 on 802. lq tainking 1 
FaO/22 on 802. lq tainking 1 








Port Vlans allowed on trunk 
FaO/19 1-99,101-4094 
FaO/20 1-99 J 01-40 94 
FaO/21 1-99 ,1 01-40 94 
FaO/22 1-99 J 01-40 94 








Port Vlans allowed and active in management domain 
FaO 1 9 1 ,200 ,3 ,40 0,50 0, 60 
FaO/20 1 £ 00 ,3 ,40 0,50 0, 60 
FaO/21 1,200,300,400,500,600 
FaO/22 1 ,200 ,3 ,40 , 5 0, 60 








Port Vlans in spanning tree forwarding state and not pruned 

FaO/19 1,300,400,500,600 

FaO 20 1,400,500,600 

Fa0/2 1 1 ,200 ,3 00 ,40 0,50 0, 60 








Port Vlans in spanning tree forwarding state and not pruned 
FaO/22 1,300,400,500,600 








Note VLAN 100 is NOT allowed on the trunk. 








The second policy; 








On SW-1 








S\V-](coniig)#int range JO/2 1-22 

S W- 1( "con tig- if- ranged Switch tmnk allowed vlan except 200 








To verify the configuration: 








On SW-1 








SW-l#Sh int trunk 
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Port 


Mode Encapsulation Status Native vlan 


FaO/19 


on 802. lq trunking I 


FaO/20 


on 802. lq trunking I 


FaO/21 


on 802. lq trunking I 


FaO/22 


on 802. lq trunking I 


Port 


Vlans allowed on trunk 


FaQ/19 


1-4094 


FaO/20 


1-4094 


FaO/21 


1-199,201-4094 


FaO/22 


1.199201-4094 


Note VL 


AN 200 is NOT allowed to traverse the trunk links connecting this switch to 


SW-3 




On S\\ 


-4 


S\V-4(config)f*int range fD' 1 9-20 


SW-4(config-if-rangc)#Switch trunk allowed vlan except 1 00.200 


To verl 


IV the configuration: 


S\\ -4 




SW-4#Sh int trunk 


Port 


Mode Encapsulation Status Native vlan 


FaO/19 


on 802. lq trunking 1 


FaO/20 


on 802. lq trunking I 


FaO/21 


on 802. lq trunking 1 


FaO/22 


on 802. lq trunking I 


Port 


Vlans allowed on trunk 


FaO/19 


1-99 J 01- 199,20 1-4094 


FaO/20 


1-99, 10 1-19920 1-4094 


FaO/21 


1-99 JO 1-4094 


FaO/22 


1 -99,10 1-4094 


Note VLAN 200 is NOT allowed on the trunk ports connecting this switch to SVV-3 


On SW3 


The folli 


nving configuration on ports F 0/1 9-20 has to be reconfigure to deny 
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VLAN KM) again, or else, the command for VLAN 2(10 \> ill override the previous 
configuration that was denying VLAN 1(10. 


SW-3(contig)#int range 10/ 19-20 
S W- 3(00 n tig- if- rangc)#switc h p o rt 


trunk allowed vlan except 100,200 


S\V-3(config)#int range 10/2 1-22 
S W- 3( co n tig- if- rangc)#switc h p □ rt 


trunk allowed vlan 


except 200 


The third Poliev: 






On S\V 


-2 






SW-2(coniig-if-rangc)#int range tO/21-22 
SW-2(config-if-rangc)rrswi trunk allowed vlan except 


100,300 


SW-2(coniig-if-rangc)#int range 10 19-20 

S W-2(config- if- range )#$wi trunk allowed vlan except 


300 


I o veri 


tV thi' configuration: 






On S\Y 


-2 






SW-2#Sh int trunk 






Port 

FaO/19 

Fa0/20 

Fa0/21 

FaO/22 


Mode Encapsulation Status Native vlan 
on 802. lq trunking I 
on 802. lq trunking 1 
on 802. lq trunking I 
on 802. lq trunking I 


Port 

FaO/19 

FaO/20 

FaO/21 

FaO/22 


Vlan s allowed on trunk 
1-299301-4094 
1-299,301-4094 
1-99,101-299,301-4094 
1-99,101-299,301-4094 






Note the 
whereas, 


ahove output show that on ports FuV 19-20 ONLY VLAN 300 is denied, 
on ports FO-21-22, VLANs 100 and 300 are denied. 


On S\V 


-4 






SW.4(config)#int range fO'21-22 

SW-4( con tig- if- range )#swi trunk allowed vlan except 


100,300 
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To verify the configuration: 

On SW-4 

SVV-4#Sh int trunk 

Port Mode Encapsulation Status Native vlan 

FaO 19 on 802. lq tainking I 

FaO/20 on 802. lq tainking 1 

FaO/21 on 802. lq blinking 1 

Fa0'22 on 802. lq tainking 1 

Port Vlans allowed on taink 
FaO 19 I -99,10 1-199,20 1-4094 
FaO/20 1-99,101-199,201-4094 
FaO/2 1 1 - 99 , 1 1 -29 9 , 30 1 -40 94 
FaO/ 22 I -99 s 10 1 -299 , 30 1 -4094 

Note SW-4 denies VLANs 100 and 200 on ports FO/19-20, whereas, VLANs 100 and 

300 are denied on ports FO/21-22. 

On SVV-1 

S W- l(config)#int range 10' 19-20 
S\V-l(conlig-if-rangc)#S\vitch taink allowed vlan except 300 

To verify the configuration: 



On SYY 


-1 






SW-laShint trunk 






Port 
FaO/ 19 
FaO/20 

FaO 2 1 
FaO 22 


Mode Encapsulation 
on 802. lq 
on 802. lq 
on 802. lq 
on 802. lq 


S tat lis 
trunk ing 
trunk '.ny: 
trunk ing 
trunk ing 


Native vlan 

1 
1 
1 

1 


Port 
FaO/ 19 
FaO; 20 
FaO '21 
FaO/22 


Vlans allowed on trunk 
1-299,301-4094 
1-299,301-4094 
1-199,201-4094 
1-199.201-4094 
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Note VL 
FO/19-20 


-YN 200 is denied cm ports FO/21 


■22, 


whereas, VLAN 300 is denied on ports 


I'he for 


tJi Policy: 










On S\V 


-1 










SW- l(config)frint range FO/19-20 

SW- l(contig-if-rangc)rrs\vi trunk allowed \ 


Ian 


except 


300400 


SW-l(config)#int range 10/21-22 

SW- l(contig-if-range)frswi trunk allowed \ 


]an except 


200400 


I o veri 


t'v the configuration: 










On SW 


-1 










S\V-l#Showint trunk 










Port 
FaO/19 
FaO/20 
FaO/21 
FaO 22 


Mode Encapsulation 
on 802. lq 
on 802. lq 
on 802. lq 
on 802. lq 


Status 
trunk ing 
bunking 

trunk ing 
trunk ing 


Native vlan 

1 
I 
1 
1 


Port 

FaO/19 

FaO/20 

FaO/21 

FaO/22 


Vlans allowed on trunk 
1-299,301-399401-4094 
1 -29 9 r 3 01-399 4 1 -40 94 
1-199,201-3994014094 
1-199,201-3994014094 










Note VLANs 300 and 400 are both denie 
and 40(1 are denied on ports FO/21-22. 


1 on ports 


FO/19-20, whereas, VLANs 200 


On SW 


-2 










SW-2(coniig)rrint range tO/19-20 
SW-2(conn"g-if-rangc)#s\vi trunk allowed \ 


Ian 


except 


300400 


To veri 


t'v the configuration: 










On SW 


-2 
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SW-2#Sh int trunk 

Port Mode Eric 

FiiiJ 19 on 802 

FaO/20 on 802 

FaG 21 on 802 

FaO. 22 on 802 



apsuiation Status 

. lq trunk ing 

. lq trunk ing 

• iq 

.lq 



trunk ing 
trunk ing 



Native vlan 

1 
1 
1 
! 



Port Vlans alb wed on trunk 

FaO 1 9 1 -29930 1 -399,40 1 -4094 

FaO '20 1 -299,30 1 -399,40 1 -4094 

FaO/21 1-99,101-299301-4094 

FaO/22 1 -99, 10 1 -299,30 1 -4094 

Note VLANs 300 and 400 are denied on ports F0.' 19-20, whereas, VLANs 100 and 
300 are denied on ports FO'2 1-22. 

On SW -3 

SW-3(config)#int range 10 21-22 

SW-3( con tig- if- range )#swi trunk allowed vlan except 200,400 

To verify the configuration: 



On SW-3 



SW-3#Sho\v int tain k 



Port 


Mt 


FaO; 19 


on 


FaO 20 


on 


FaO/21 


o n 


FaQ/22 


on 



Encapsulation Status 
802. lq tainking 

802. lq tninking 

802. lq tninking 

802. lq tainking 



Port Vlans allowed on taink 

FaO 19 1.99,101-199,201-4094 

FaO '20 1-99,101-199,201-4094 

FaO/21 I -199,201-399,401-4094 

FaO; 22 1 - 1 9 9 .2 Q 1 -3 9 9 ,4 1 -4 94 



Native vlan 

1 



Note VLANs 10(1 and 200 are both denied on ports FW 19-20, whereas, VLANs 200 

and 400 are denied on ports F0.-'21-22. 
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Task 8 



Configure SW-1 SiflC h that if s the root bridge for VLAN 500, if this switch goes down, 
SW-2 should become the root bridge tor this VLAN. 



On SW-1 

S W- ](contig)#Spanning-trcc vkn 500 root primary 
On SW-2 

S \V-2( co nfig^Spanning- tree via n 500 rcx.it secondary 
To verify the confiaumtion: 

On SW-1 



S\V-l#Sh spanning-trcc v.an 500 

VLAN0500 
Spanning tree enabled protocol icce 
Root ID Priority 25076 

Address D01b.2be5.Oe4M) 

This bridge is the mot 

Hello Time 2 sec Max Agc\20 sec Forward Delay 1 5 sec 

B ridge 1 D P rio rity 250 7 6 (priori ty 24 5 7^ sys- id -ex t 5 ) 
Address 001b.2be^0e00 

Hello Time 2 sec Max-Age 20 sec Forward Delay 15 sec 
Agi ng T imc 300 
( The rest of The output is omitted/ 

On SW-2 

SW-2#Sh spanning-trcc vlan 500 

VLAN0500 
Spanning tree enabled protocol icce 
Root ID Priority 25076 

Address D0fb.2be5.0e00 

Cost 19 

Port 21 (FastEthcrnctQ.'lQ) 
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec 
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Bridge 


ID Priority 

Address 


29172 
D01c5* 


(priority 


286 


72 


sys-id-cxt 


500) 








Hello Time 


2 sec 


Max Age 


20 


sec 


Forward 


Delay 


15 


sec 




Aging T:mi 


300 
















i The rest of the output is oini 


ttedf 















Task 9 

Ensure that the traffic Irom SW-2 for VLAN 500 uses ports F0 1 9 or F0 20 ONLY if the 
path through SW-4 to SW-3 to SW-1 is NOT possible due to a link being down. 



On SYV-2 

SVv'-2#Sri spanning -tree vlan 500 

YLAN0500 
Spanning tree enabled protocol iccc 
Root ID Priority 25076 

Address 001b.2bc5.0c00 

Cost 19 

Port 21 (Fa st Ether net 0/1 9) 

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec 

B ridge ID P rio rity 29 1 72 ( p rio ri ty 28 6 72 s ys- id -ex t 5 ) 
Address 001c.575f fdOO 

Hello Time 2 sec Max Age 20 sec Forward Delay 1 5 sec 
Aging Time 300 

Interface Role Sts Cost Prio.Xbr Type 



FaO/19 


Root F\YD 19 


128.21 


P2p 


Full III 


AltnBLK 19 


128.22 


P2p 


FaO/21 


Dcsg FWD 1 9 


128.23 


P2p 


FaO/22 


Dcsg FWD 19 


128.24 


P2p 



Note SW-2 is taking port FO/19 to get to the root b ridge lor YLAN 500, and it's root 

cost is 19 uhich is the cost of a 100 Mbps link. II these ports are shut down, you 

should see the cost of the local snitch (SW-2) to the mot bridge, it should be as 

follows: 

The cost of the link from SW-2 to SW-4 whieh is 19 - 
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The cost of the link from SW-4 to SVV-3 which is 19 - 
The tost of the link from SW-3 to SW-1 which is also 19 
The total equals to 57, to reveal this information: 

On SW-2 

S\\V2(coiifig)*int range ffi'l 9-20 
S W- 2(co n 1 ig- if- rangc)#Sh u t 

I'o sit ttiL 1 L't'R'L't: 

SW-2f'config-if-rangc'!i"do sh spanning-trcc vian 500 

VLAN0500 
Spanning tree enabled protocol iccc 
Root ID Priority 25076 

Address 001b.2bc5.0e00 
Cost 57 

Port 23 (FastEthernetlMl) 
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec 

Bridge 1 D Priority 29 1 72 (priority 28672 sys-id-cxt 500) 
Address 001c.575f.fdOO 

Hello Time 2 sec Max Age 20 sec Forward Delay 1 5 sec 
Aging Time 15 

Interface Role Sts Cost Prio.Nbr Type 

Fall.' 21 RootFWDl9 128.23 P2p 

Fa0,22 AltnBLK 19 128.24 P2p 

Note it is taking port FH/21 toward SW-4 using port F0.21. If this is traced all the 
hack to SW-1 you will see that the path from SVV-2'S perspective is through SW-4 to 
S\V-3toSW-l. 

To configure this task, you should "no Shutdown" ports FOT9-20 first. 
On SW-2 

S\V-2(config)#int range ttT'l 9-20 
S W : - 2( co n fig- if- rangc)#No S hu t 

S \V- 2( co n fig- if- range)* Spanning -tree vlan 500 cost 58 
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Note the above command sets the cost through ports FO/19-20 higher than 57, and as 
a result of that, the traffic for V LAN 500 nil I traverse through the alternate path 
which is to SW-4 to SW-3 to SW-1 which has a cost of 57. 

To verify the configuration: 

On SW-2 

SW-2*Sh spanning-trcc v.an 500 

VLAN0500 
Spanning tree enabled protocol iccc Note the best cost is now 57. 

Root ID Priority 25076 ^**^ 

Address 00 1 b..2J»5Ucb 

Cost 57*""" 

Port 23(FastEthcrnct0'21) 

Hello Time 2 sec Max Age 20 see Forward Delay 1 5 sec 

Bridge ID Priority 29172 (priority 28672 sys- id -cxt 500) 
Address 00 Ic.575f.fy00 

Hello Time 2 see Max Age 20 sec Forward Delay 1 5 sec 
Aging Time 300 

Interface Role Sts Cost Prio.Nbr Type 

FaO 19 AknBLK58 128.21 P2p 

FaO 20 AltnBLK58 12822 P2p 

FaO/2 1 Roo t F WD 19 1 2 8 .23 P2p 

FaO 22 AltnBLKI9 12824 P2p 



I ask \\\ 

Configure SW-3 as the root bridge for VLAN 600; this switch should be configured such 
that traffic for VLAN 600 uses the following ports: 

F0 2! from SW-1 
F0/2O from SW-4 



On SW-3 



S\V-3fconfig)#int range ff) 20-21 
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S \V- 3( co n tig- if)#S panning- tree vlan 600 port-priority 
"l'o verify the configuration: 

On SW4 

SV\'-4ffSh spanning vlan 600 

VLAN0600 
Spanning tree enabled protocol iccc 
Root ID Priority 25176 

Address 000d.65ca.3180 

Cost 19 

Port 20 (FastEthenietO.aO) 

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec 

B ridge 1 D P rio rity 33 368 f p rio ri ty 32 7 6 8 s ys- id -ex t 6 ) 
Address OOOd. 65c 1.9200 

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec- 
Aging Time 300 
Interface Role Sts Cost Prio.NbrTypc 

FaO 19 AltnBLK 19 128.19 P2p 

FaO/ 20 RootF\VD19 128.20 P2p 

FaO/2 1 Altn B LK 1 9 1 28.2 1 P2p 

FaO 22 AltnBLK 19 12822 P2p 

On SW-1 

S\V- IftSh spanning -tree vlan 600 

VLAX0600 
Spanning tree enabled protocol iccc 
Root ID Priority 25176 

Address 0O0d.65ca.3180 

Cost 19 

Port 23 i;FastEthcrnct0'21) 

Hello Time 2 sec Max Age 20 sec Forward Delay 1 5 sec 

Bridge ID Priority 33368 (priority 32768 sys-id-cxt 600) 
Addrcs's 001b.2bc5.0cdo 

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec 
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Aging Time 300 
] nt erf ac c Role S ts Co st Pr :o . N br T \ p c 



FaO/19 


AltnBLK 19 


128.21 


P2p 


FaO/20 


AknBLK 19 


128.22 


P2p 


FaO/21 


Root FVVD 19 


128.23 


P2p 


FaO/22 


AltnBLK 19 


128.24 


P2p 



I ask 11 

Erase the config.tcxt and \ian.dat and reload the switches before proceeding to the next 
lab. 
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Lab 6 - QiiiQ Tunneling 



RI 




SW1 



SW4 






SW2 




SW3 




R2 



Task I 



Ensure that a3! interfaces for all 4 switches arc in Shutdown mode 



On All Switches 

i c o nlig)# in t range fD/ 1 -24 
(to nlig- i f-rangc)#sh u t do wn 



Task 2 

Establish trunk links between the switches as follows: 

1 . SW1 and SW4 should use interface FO/23 to establish a trunk link. 

2. S\Y4 and S\Y3 should use interface FQ/19 to establish a trunk link 

3. SW3 and SW2 should use interface FO 23 to establish a trunk link 



CCIE R&<> bv Narbik K.ui:hariaiis 



Advanced CCI E RA.S Wurk Book 2.0 

C 2009 Narbik Kucha riani. All rijhU reerved 



Page 21 1 t>f JQ68 



To confitruri 1 tin; first iti'm: 

On SW I 

SWi (config)#int fll'23 
SW1 (config-if)#swi trunk cncap isl 
SW1 (config-it)rrswi mode trunk 
S W 1 (c o nfig- i f)#No shu t 

On SW4 

SW4(config)#int fCl'23 
SW4(config-if)#swi tain cncap is! 
SW4(config-if)#swi mode trunk 
S \V4 (c o nfig- i 0#Ne shu t 

To vL'rit'v the i-onl'feunttion: 
On SW 1 



SWI #Show interlace trunk 

Port Mode Encapsulation Status Native v Ian 

FaO/23 on isl trunk ing 1 

Port Vlans allowed on trunk 
FaO/23 1-4094 

Port Vlans allowed and active in management domain 
FaD/23 I 

Port Vlans in spanning tree forwarding state and not pruned 
FaO/23 I 

SWl#Showcdp neighbor 

Capability Codes: R - Router. T - Trans Bridge, B - Source Route Bridge 
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone 

Device ID Local Intrfcc Holdtrnc Capability Platform Port ID 

SW4 Fas 0/23 125 SI \VS-C3550-2Fas Q'23 

To conJlmiri; tin; si'cund Hum: 
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On SYV3 




SW3(config)#int fQtl9 






SW3(CCmfig-if)#Swi trunk cncap isl 






SW3(config-if)#5wi mode trunk 






SW3(config-il>no shut. 






On SW4 






SW4<ctmfig}#mt fly 19 






SW4(config-if)#swi trunk cncap isl 






SW4{COnfig-if)#Swi mode trunk 






SW4(config-il)#no shut 






To verify the configuration: 






On SYV4 






SW4#Show interlace trunk 






Port Mode Encapsulation Status Native vlan 






FaO/23 on isl tainking I 






Fat).' 19 on isl tainking I 






Port Vlans allowed on trunk 






FaO/23 1-4094 






FaO/19 1-4094 






Port Vlans allowed and active in management domain 






FaO/23 1 






FaD/19 1 






Port Vlans in spanning tree forwarding state and not pruned 






FaO/23 I 






FaO/19 I 






SW4#Show cdp neighbor 






Capability Codes: R - Router. T - Trans Bridge* B - Source Route Bridge 






S - Switch, H - Host J - 1GMP, r - Repeater, P - Phone 






Device ID Local Intrlcc Holdtmc Capability Platform Port ID 






SWI Fas 23 135 SI \VS-C3560-2Fas 23 






SW3 Fas Q" 19 159 SI WS-C3550-2Fas 0/19 


3of]Q68 
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To con 11 mi ri' th l 1 third ituni: 

On SW3 

SW3(config)#int «tf23 
S\V3(config-if)#swi trunk cncap isl 
SW3(config-if)#Swi mode trunk 
S\V3(config-if)#no shut 

On SW2 

SW2(config)#mt ®t23 
S W2 ( c o nfig- i f)#s wi tru n k en c ap i si 
S W2 (c o nfig- i f)#s wi mo d c t ru nk 
S\V2i;config-if)#no shut 

In verify the configuration: 

On SW3 

S\V3#sh int trunk 

Port Mode Encapsulation Status Native via n 

FaO '23 on isl trunking 1 

FaO/19 on isl trunking 1 

Port Vlans allowed on trunk 
FaO,' 2 3 1-4094 
FaO, 19 1-4094 

Port Vlans allowed and active in management domain 
FaO/23 I 
FaO 19 1 

Port Vlans in spanning tree forwarding state and not pruned 
FaO 23 none 
FaO 19 I 

S\V3r*Sh edp neighbors 

Capability Codes: R ■ Router. T - Trans Bridge, B ■ Source Route Bridge 
S - Switch, H - Host J - 1GMP, r - Repeater, P - Phone 



Device ID 



Local lntrlcc H o .d t mc C ap abi 1 ity P lat fo rm Po rt I D 
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SW4 


Fas 0/1 9 


143 


SI 


SW2 


Fas 0/23 


165 


SI 


On S\V 1 









\VS-C3550-2FasO/19 
WSO560-2Fas 23 



SW1 (COnfig)#VTP domain QinQ 

The VTP domain name is configured so that the future VLAXs can be 
propagated across the trunk to the other Switches. You should verily that this 
configuration is propagated to the other snitches before proceeding further. 
You may need to "Shutdot^n'" and then "No Shutckmn" the trunk interface of 
some of the switches to ensure that they all belong to the same VTP domain. 



Task 3 



Configure Rl 's FO/0 and R2's FO' 1 using the following IP addresses: 

Rl ! s FO = 10.1.12.1 /24 and R2's FO.T = 10.1.12.2 ,24 

Ensure that R! and R2 have foil reachability to each other; you should use CDP and 

Ping to verify'. 



On Rl 

Rl(config)#intfo/0 

Rl(config-if)#ip addr 10. 1.1 2. ! 255255.255.0 

Rl(config-if>*no shut 

On R2 

R2(config)#intffl..T 

R2iconfig-if>ipaddr 10.1.122 255255.255.0 

R2(config-if)#no shut 

On S\V I 

SWl(config)#intffi'l 
SW1 (config-if)#no shut 

On S\\ 2 

S\V2(config)*int gK2 
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S\V2(config-ii>*na shut 

'I'd verify the configuration: 

On Rl 

Rl#Sh cdp neighbors 

Capability Codes: R - Router. T - Trans Bridge, B - Source Route Bridge 
' S - Switch, H - Host J - IGMP, r - Repeater 

Device ID Local In trice Holdtmc Capability Platform Port ID 

SW1 Fas 0/0 154 SI WS-C3560- Fas Qf\ 

Rl*Ping 10. 1.12.2 

Type escape sequence to abort. 

Sending 5, lOO-bytc I CMP Echosto 10.1.12.2, timeout is 2 seconds: 

MM 

Success rate is 80 percent (4/5), round-trip rnin/avg/max = 1/1/4 ms 
On R2 

R_"Sho\v cdp neighbors 

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge 
S - Switch, H - Host, 1 - IGMP, r - Repeater 

Device ID Local Intrlcc Holdtmc Capability Platform Port ID 

SW2 Fas 0/1 128 SI WS-C3560- Fas 2 

R2sPing 10.1.12.1 

Type escape sequence to abort. 

Sending 5, 100-bytc I CMP Echos to 10. 1. 12. 1, timeout is 2 seconds: 

Mill 

Success rate is 100 percent (5/5), round-trip min/avg'max = 1/2/4 ms 

Note both routers can successfully Piny each other and seethe snitch that they are 
directly connected to. 
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Task 4 

Configure these devices such that the output of the "Showcdp neighbor' command on 
Rl resembles the following: 

RI#Showcdp neighbors 

Capability Codes: R - Router. T - Trans Bridge, B - Source Route Bridge 
S - Switch, H - Host, I - IGMP, r - Repeater 

Device ID Local In trice Holdtmc Capability Platform Port ID 

R2 Fas 00 III RSI 261 1XM Fas 0/1 



This tusk calls for Dotlq Tunneling, S02.1q tunneling enables the service providers 

to use a single VLAN to support customers who have a single or multiple VLANs 

that need to connect across the provider's network while preserving their VLAN- 

IDs. The provider can use this feature to keep traffic from different customers 

segregated. 

When configuring QinQ tunneling, a tunnel port must be defined, this port should 

be assigned to a VLAN. different customers must be assign to different tunnel ports 

and different tunnel ports should be- configured in different provider VLANs, and 

this is how the traffic from different customers are segregated. 

When a given tunnel port receives customer traffic, it adds a 2 Byte Ether- Type 

field of (1x810(1 followed by a 2 Byte field containing the CoS and the VLAN and this 

traffic is then put into the VLAN to which the tunnel port is assigned. The Egress 

tunnel port strips off the 4 Bytes that was added by the ingress tunnel port and 

transmits the traffic to the customer device. 

When Dotlq tunneling is configured, a layer 2 protocol tunneling can also be 

configured, a layer 2 protocol tunneling allows layer 2 protocol data units (PDLs) to 

be tunneled through the network, the layer 2 protocols that can he tunneled are: 

CDP, STP and \TP and they need to be configured or else they will NOT get 

propagated across the tunnel. 

In this case since CDP must be used, it should be configured using the "L2protocol- 

tunnel CDP" interface configuration command. 

On S\V I 



SW1 (config-it)#int fO/I 

SW1 (config-if^swi ace v 100 

S W I (c o nfig- i f )n s w i m od e do 1 1 q - 1 unn el 

SYV1 (config-if)r*l2protocol- tunnel cdp 

On SW2 

S\V2i;config-ift*int ft) 2 
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SW2i;config-ii>swi ace v 100 
SW2(config-if)#SYvi mode dotlq-tunnel 
S\V2(config-if)r*l2protocol- tunnel cdp 

To verify the configuration : 

On Kl 

Rl^Showcdp neighbors 

Capability Codes: R - Router. T - Trans Bridge. B - Source Route Bridge 
S - Switch, H - Host, 1 - IGMP, r - Repeater 

Device ID Local In trice Holdtrnc Capability Platform Port ID 

R2 Fas 0/0 122 RSI 261 1XM Fas 0/1 

Note sometimes you need to "Clear cdp table" on the routers to see the change. 
'l'o verify the tunnel: 

On S\V I 

SWl*Shdotlq-tunnc: 

dot Iq- tunnel mode LAN Port(s) 

FfiO/ 1 

SW'1 nShow 12protocol- tunnel summary 

COS for Encapsulated Packets: 5 

Drop Threshold for Encapsulated Packets: 

Port Protocol Shutdown Drop Status 

Th re sho Id T hr csho Id 
(edp/stp/vtp) (cdp stp vtp) 
i pagp ' lacp/udld) f pagp iacp/udld) 



Fa0/1 cdp ■-■ ■ ,.— ..— ............ up 

.... .__ .... ..../..../.... . .. ./. .. .; .... 

Note the status is UP and CDP is the ONLY layer 2 protocol tunnel in use. 
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Task 5 

Configure the Ft) ofRl and FO/1 intcrikee of R2 with two sub interfaces; using the 

following information: 

The first subintcrfacc should belong to VLAN 12, this VLAN on Rl 5 s FO'O interface 

should have an IP address of 10.1.12. 1 .'24 and on R2's FO/1 interlace it should have an 

IP address of 10.1. 12.2. '24. 

The second subintcrfacc should belong to VLAN 34, this VLAN on Rl ! s F0 interface 

should have an IP address of 10.1. .34. 1 .'24 and on R2's FO/1 interlace it should have an 

IP address of 10.1. 34.2 ,'24. 

Verify reachability using Ping. 



In this task, on each muter, two VLANs are created using two suhinterfaees, one 
subinterfaee is configured to he in VLAN 12 and the other suhinteiface is configured 
to be in VLAN 34. 

On Rl 



Rl (config)#dcfault interlace f0/0 

The above command sets the interface fO/0 back to its default configuration. 

Rl(config)#intiM).12 

R 1 fc o n fig-s ub if)#cnc ap do 1 1 q 12 

Rli;config-subii)#ipaddr 10.1.12.1 255.255.255.0 

Rli;config;^intrt)/0.34 

R I (c o n tlg-s ub if)#cnc ap do 1 1 q 34 

Rli;config-subif)#ipaddr 10.1.34.1 255.255.255.0 

On R2 

R2(config)#dcfault. interlace fQT 

The above command sets the interface Hl/O back to its default configuration. 

R2(config')#inttt)/l.!2 
RZiconfig-subif^encap dotlq 12 
R2iconf]g-subif)#ip addr 10. L12.2 255.255.255.0 

R2(config^intffi.T.34 
R2(config-subif)r! i cncap dotlq 34 
R2i;config.subif)#ip addr 10. 1.34.2 255.255.255.0 
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Because the interfaces of the routers are configured as a trunk polls, the switch port 
that they connect to is configured to he in VI. AN 100, and they are also configured as a 
tunnel ports, this is called an asymmetrical link. 

To verify the configuration: 



On kl 

RigPing 10.1.12.2 

Type escape sequence to abort. 

Sending 5 r 100-bytc ICMP Echos to 10. 1. 12.2, timeout is 2 seconds: 

MM* 

Success rate is 100 percent (4/5), round-trip min.'avg'max = 1/2/4 ms 
Rigging 10.1.34.2 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 10.1.34.2, timeout is2 seconds: 
i ii ii 

Success rate is 100 percent (4/5), round-trip min.'avg'max = 1/2/4 ms 



Task 6 

Delete the VLAN.dat and Con fig. text of SW1 and SW2 and re toad these switches, while 

the switches arc reloading configure the following: 

Set the fuV23 interface on SW3 and SW4 to default configuration and authenticate the 

VTP domain using "QinQ" as the password. 

Ensure that ONLY ports FQ 23 and F0.T on SW1 and ¥0/23 and FG'2 on SW2 arc in 

UP/UP state, the rest of the ports should be disabled. 



On SYVl andS\V2 


#dclctc config.tcxt 


#dclctc vlan.dat 


#rcload 


On SW 1 


Switch(config)#host SW1 
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On SW2 

Switch(coniig)#host SW2 

On SW3andSM4 

fconfig)#dcfaLilt interface tf) 23 
(con±ig)#VTP password QinQ 

On SW 1 

SWI (config)#intcrfacc range tt)/2-24 
SWI 1 c o nfig- i f-rangc)r* S hu tdo wn 

On SW2 

SW2(config)#int range fll'l, iO'3-24 
S \V2 (c o nfig- i f-range)#S hu td Q w n 



Task 7 

Configure these devices such that the output of the "Show cdp neighbor" command on 
SWI & SW2 resembles the following: 

On SW 1 

SWl#Showcdp neighbors 

Capability Codes: R - Router. T - Trans Bridge. B - Source Route Bridge 
S - Switch, H - Host, 1 - 1GMP, r - Repeater, P - Phone 

Device ID Local Intr tec Holdtmc Capability Platform Port ID 

SW2 Fas 0:23 172 SI WS-C 35 6 0-2 Fas 0/23 

Rl Fas 0:1 144 RSI 261 1XM Fas 0:0 

On S\V2 

SW2#Shuwcdp neighbors 

Capability Codes: R - Router, T - Trans Bridge* B - Source Route Bridge 
S - Switch, H - Host, 1 - 1GMP, r - Repeater, P - Phone 
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Device ID Local Intrtcc Holdtmc Capability Platform Port ID 

SWI Fas 0/23 174 SI WS-C3560-2Fas 0/23 

R2 Fas 0/2 1 6 1 RSI 26 1 I XM Fas 0/1 



On SW3 andSW4 

(oonfig)#iiitfly23 

(coniig-if)#swiacc v 100 
(config-if)#swi mode dot 1 q- tunnel 
(coniig-if)#12protoco!-tunncl cdp 

To verify the configuration: 
On SW 1 

SWT#Show cdp neighbors 

■Capability Codes: R ■ Router. T - Trans Bridge, B ■ Source Route Bridge 
S - Switch, H - Host, 1 - IGMP, r - Repeater, P - Phone 

Device ID Local Intrtcc Holdtmc Capability Platform Port ID 

SW2 Fas 0/23 172 SI WS-C3560-2Fas 23 

Rl Fas 0/1 144 RSI 261 1XM Fas 0/0 

On SW2 

SW2ftSho\v cdp neighbors 

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge 
S - Switch, H - Host, 1 - IGMP, r - Repeater, P - Phone 

Device ID Local Intrtcc Holdtmc Capability Platform Port ID 

SWI Fas 0,23 174 SI WS-C3560-2Fas 0/23 

R2 Fas 2 161 RSI 26 1 1 XM Fas 0/1 



Task8 

Configure a trunk link between SWI and SW2 using interface FO/23. These two switches 
should use DotlQ encapsulation for this task. 
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On S\\ 1 and S\M 

(eoniig)#intfa'23 
(config-iiV^swi trunk cncap dot 1 q 
(contig-if^swi mode trunk 

To verify the configuration: 

On SW2 

SW'2#Show interlace trunk 

Port Mode Encapsulation Status Native vlan 

23 on 802. lq trunk ing I 



Port Mans allowed on trunk 
FaO 23 1-4094 

Port Vlans allowed and active in management domain 
FaO/23 I 

Port Vlans in spanning tree forwarding state and not pruned 

) 23 I 



Task 9 

Configure SYV1 and SW2 in VTP domain called "Customer*; Configure VLANs 35 and 
46 on SWI and ensure that they arc propagated to SW2. SW1 should he the root hridgc 
for 35 and SW2 should he the root hridgc lor 46. 



To accomplish this task, \'TP and SIP protocols should he propagated between 
SWI and SVV2: this is accomplished by configuring SVV3 and SW4 to allow these 
protocols on their tunnel port (F(l''23) as follows: 

On S\\ 3 and SW4 

(config)# inter 10 23 
(config-if)#L2protocoI-tunnel STP 
(config-if)#L2protocol-tunneI \"TP 
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On SW I 

SW1 (config)#VTP domain Customer 
To verify the configuration: 

On SW2 

SVV2#Sh vtp status 

VTP Version : 2 

Configuration Revision : 

Maximum VLANs supported loc-ally : 1005 

Number ofcxisting VLANs : 5 

VTP Operating Mode : Server 

VTP Domain Name : Customer 

VTP Paining Mode : Disabled 

VTP V2 Mode : Disabled 

VTP Traps Generation : Disabled 

MD5 digest : 0x57 OxCD 0x40 0x65 0x63 0x59 0x47 OxBD 

Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00 

Loeal updatcr ID is 0.0.0.0 (no valid interlace found) 

To create VLANs 35 and 46; 
OnSWI 

S\V1 (config)#VLAN 35,46 
SW1 (config)#cxit 

To verify the configuration: 

On SW2 

SW2#Sh vlan br exc unsup 

VLAN Name Status Ports 



del a u It act ivc FaO/ 1 . F aO 2 . F aO ' 3 , FaO 4 

FaO. -5, FaO/6, FaO/7, FaQ/8, FaO/9 
FaQ/10 t FaD/ll t FaO,T2 s FaOT3 
FaO 14. FaO 15. FaO 16. FaO. 17 
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FaO/T8 s FaO/19, FaD/20, Fa0/21 
Fa0/22 ( FaO/23, Fat)/ 24, GW/1 
GiO/2 

35 VLAN0035 active 

46 VLAN()(M6 active 

To ddumimu (liu roo< hrid^u I'.:']" (liu iii!»h cruLtd'd VLANs: 

On SW1 

SWTnSh spanning-trec vlan 35 

VLAND035 

Spanning tree enabled protocol iccc 
Root ID Priority 32803 

Address ' 001a.2ffla.2000 

This bridge is the root 

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec 

Bridge ID Priority 32803 (priority 32768 sys-id-ext 35) 
Address '001a.2ffla.2000 
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec 

Aging Time 301] 

Interlace Role Sts Cost Prio.Xbr Type 

FaO/7 Dcsg FWD 19 128.9 P2p 

SWj ftSh spanning-tree vlan 46 

VLAX0046 
Spanning tree enabled protocol iccc 
Root ID Priority 32814 

Address * (Klla.2ffla.2000 

This bridge is the rcx.it 

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec 

Bridge 1 D Priority 328 1 4 ( prio rity 32768 sys-id-ext 46) 
Address '(Klla.2ffla.2000 

Hello Time 2 sec Max Age 20 sec Forward Delay 1 .5 sec 
Aging Time 300 

Interlace Role Sts Cost Prio.Xbr Type 
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FaO/7 Dcsg FWD 19 128.9 P2p 

Xote in this cast 1 SW2 is the root bridge tor both (35 and 46) VLA.Xs. 
The result mav be different on vnur pod of routers and switches. 

The last step is to configure SW1 as the root bridge for VLAX 35 and SW2 as the 
root bridge for VLAX 46, as follows: 

On SW1 

SW1 (config^S panning -tree vlan 35 root primary 

To verify the configuration: 

On SW2 

SW2#Sjj spanning-trcc vlan 35 

VLAX0035 
Spanning tree enabled protocol icec 
R0O1 ID Priority 246 1 I 

Address " (H123.050b.c780 

Cost 1 9 

Port 9 (FastEthcmctO 7) 

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec 

Bridge ID Priority 32803 (priority 32768 sys-id-cxt 35) 
Address 001a.2i0a.2000 

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec 
Aging Time 300 

Interface Role Sts Cost Pro. Xbr Type 

FaO/23 Dcsg FWD 1 9 128.9 P2p 

On SW 1 

SW'I #Sh spanning-trcc vlan 35 

VLAX0035 
Spanning tree enabled protocol icec 
Root ID Priority 2461 I 

Address * 0023.050b.c780 
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This bridge is the root 

Hclk) Time 2 sec Max Age 20 sec Forward Delay 1 .5 sec 

Bridge ID Priority 24611 (priority 24^6 sys-id-cxt 35) 
Address '0023.050b.c780 
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec 
Aging Time 300 Note SW1 is the root bridge 

Interlace Role Sts Cost Prio.N'br Type 

FaO/7 Dcsg FWD 19 128.9 P2p 

On S\\ 2 

S\V2(config)T*S panning -tree vlan 46 root primary 

In verify the configuration: 

On SW2 

SW2#Sh spanning vlan 46 

VLAN0046 
Spanning tree enabled protocol icee 
Root ID Priority 24622 Note this switch is the root bridge lor V LAN 46 

Address " 00 1 a. 2fi)a. 2000.^-^ 

This bridge is the root 

Hclb Time 2 sec Max Age 20 sec Forward Delay 15 sec 

Bridge ID Priority 24622 (priority 24576 sys-id-cxt 46) 
~ Address *00 la. 2ft) a. 20 00 

Hello Time 2 sec Max Age 20 sec Forward Delay 1.5 sec 
Aging Time 300 

Interlace Role Sts Cost Pro. Xbr Type 

FaO/7 Dcsg FWD 19 128.9 P2p 
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Task 10 

Delete VLAX.dat and config.tcxt on all switches and reload them before proceeding to 
the next lab. 
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Lab 7- Fallback Bridging 






Lab Setup: 



> U sc the c hart be lo w ib r add r ess ass ign men t : 



IP Ad dress in": 



Router 


Interface 


IPX Net address 


IP\ 6 Address 


\ [ AN 


Mac-address 


BB2 


FastEthcrnct 


ABCD 


23::2 /64 


20 


0000.2222.2222 


BB3 


Fast Ethernet 


ABCD 


23::3 .'64 


30 


(MM) 11.3333. 3333 



Task I 



Shutdown all the used port sun SW1 and SW3, only ports that arc connected to BB2 and 
BB3 should be in UP/UP state. 



On SW1 








SW1 (config)#int range 
S W 1 (c o nfig- i f-range)# 


ft/I 

Shut 


• 9 , ft/12 - 


24 


On SW3 








SWI (config)#int range 


rti l 


■ 11 .10 14 


-24 
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Task 2 

Configure the appropriate switch such that routers BB2 and BB3 can forward NON-IP 
traffic between VLAN 20 and 30: Fallback Bridging should be configured to accomplish 
this task. If this task is configured properly, you should be able to use "Ping** to test this 
configuration using IPv6 or IPX addressing identified in the IP addressing chart. 



Note since the task specifies that the test should be conducted using IPv6 and IPX, 
355(1 snitches \\\\\ be the only choice. Since the earlier IOS versions did NOT Inu e 
suppoit for IPv6, these snitches looked at IPv6 traffic as NON-IP, just like IPX. 

To configure Fallback Bridging: 

On SW3 

The following command assigns a bridge group number (In this case number 1) and 
it also specifies the VLAN bridge spanning-tree protocol to run in this bridge group. 

SW3(config)#b ridge 1 protocol v Ian -bridge 

The following configuration assigns the bridge group that was created with the 
"Bridge 1 protocol vlan-bridge'" global configuration command to interface VLAN 
20 and 30. 

S\V3(config)#intvlan2{) 

S YV3 (c o nfig- i f)n b rid g e- g ro u p 1 

S\Y3(config-it)#int vlan 30 

S W3 (c o nfig- i t)$ b rid g e- g ro u p 1 

To verify the configuration 

On SW3 

If the output of your "Show bridge'" command does NOT reveal the MAC address 
of BB2 and BB3, you should generate some traffic (For example: Pinging BB3 from 
BB2 using the IPv6 or IPX) so the bridge will see the MAC addresses. 

S\V3#Sht)w bridge 
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Br Group Mac Address State Type Ports 




I 0000,777,3,2222 Forward DYNAMIC VI20 FaO/12 

1 00-00.3333.3333 Forward DYNAMIC V130 FaO/13 

To test the configuration : 

On BB2 

BB2#Ping23::3 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echo s to 23::3 S timeout is 2 seconds: 



Success rate is 100 percent (5''5), round-trip min.'avg'max = 0/0/4 ms 

BB^Ping IPX ABCD.0000 3333.3333 

Type escape sequence to abort. 

Sending 5. 100-bvtc IPX Novell Echoes to ABCD.0000. 3333.3333. timeout is? seconds: 


(MM 

Success rate is 100 percent (S'5), round-trip min.'avg'max = 1/2/4 ms 




Task 3 

Configure the switch such that ONLY static entries are bridged, if this switch is 
configured properly, the switch should NOT bridge dynamically learnt Mac addresses. 






On SW3 

In the previous task, the switch (SYV3) learned the MAC addresses dynamically, and 
it bridged the traffic between the VLANs. The following command prevents the 
switch to forward frames to stations that it has learned dynamically. 

SW3(config)#NO bridge 1 acquire 

To verify the configuration: 

Note the output of the following "Show'" command reveals that the dynamically 
learned MAC addresses are discarded: 




cc 
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On SW 3 

SV^Show bridge 

Br Group Mac Address State Type Ports 

I 11)00.2222.2222 discard DYNAMIC VI20 FaO/12 

1 0QOO3333J333 discard DYNAMIC V130 FaO/13 

To test the configuration: 
On BB2 



BB2*Ping IPX ABCD.OOOO. 



■,*,■,■, ■,■,■*•, 



Type escape sequence to abort. 

Sending 5, 100-bytc IPX Novell Echoes to ABCD. 0000.3333 3333, timeout is 2 seconds: 

Success rate isO percent (0/5) 

BB2#Ping23::3 

Type escape sequence to abort. 

Sending 5 , 100-bytc ICMP Echos to 23::3 S timeout is 2 seconds: 

Success rate isO percent (0/5) 

'I'u complete the configuration: 

The following two commands add the MAC addresses of BB2 and BB3 

statically, therefore, since the traffic from dynamically learned MAC addresses are 
discarded, the traffic with statically configured MAC addresses will be forwarded. 

On S\V3 

S \Y3 (c o nfig)#B rid gel ad d res s 00 . 22 2 2 . 22 2 2 f o rw a rd 

SW3(config)#Bridge 1 address CM) 00. 3333. 3333 forward 

To verify the configuration: 
On BB2 
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S VV3*Show bridge 

Br Group Mac Address State Type Ports 

I 00 00.2222.2222 Forward Static - 

i 0000.3333.3333 Forward Static - 

To test the configuration : 

BB2*Ping23::3 

Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echos to 23::3, timeout is 2 seconds: 

(MM 

Success rate is 100 percent (5/5), round-trip min.'avg'max = 0.1. '4 ms 
BB2*Ping IPX ABCD.HOOO.3333.3333 

Type escape sequence to abort. 

Sending 5 r 100-bytc IPX Novel! Echoes to ABCD.0000. 3333.3333, timeout is2 seconds: 

(MM 

Success rate is 100 percent (5/5), round-trip min/avg max = 1/2/4 ms 



Task 4 

Configure the appropriate switch such that routers BB2 and BB3 can forward NON-IP 
traffic between VLAN 20 and 30: you should configure Failback Bridging to accomplish 
this task. If this task is configured properly, you should be able to use "Ping"' to test this 
configuration using IPX addressing identified in the addressing chart. IPv6 addressing 
should NOT work when conducting tests using the Ping command. 



Note because 3560 snitches support IPv6, they do not consider IPv6 as NON-IP 
traffic; therefore, thej do not bridge IPv6 traffic. 

On BB2 

BB2(config>#default interface l'0'l 

BB2(config)#intf0 

B B 2 (co n fig- iQ#m ac -add res s 00 .2222 2222 

BB2(config-if)#ipx Network ABCD 
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BB2(config-ii>ipv6 address 23:: 2/64 
BB2(config-ii>no shut 

On BB3 

B B 3 (co n fig)#dciau It in teriacc ID/ 1 

BB3(config)#intfOO 

B B 3 (co n fig- ii>mac -ad d res s 00 . 33 3 3 . 33 3 3 

BB3(config-il>ipx Network ABCD 

BB3(config-iO#ipv6 address 23:: 3/64 

B B 3 (co n fig- iO#no s hu t 

On SW 1 



SWl (config)#int Alii 

SWl (config-if)#swi mode ace 

SWl (config-if)#swi ace v 20 

SWl(config.ii)#intra.''12 
SWl (config-if)#swi mode ace 
SWl (config-ii")#swi ace v 30 

SWl (config)#int vlan 20 

S W 1 (c o nfig- i f)#b ridgc-gr □ u p 1 

SWl (config-if)#int vlan 30 
SWl (c o nfig- i f)#b ridgc-gr o u p I 

SWl (config)#B ridge 1 protocol vlan- bridge 



To verify the configuration: 



On SW 1 

5W3#ShDw bridge 

Br Group Mac Address State Type Ports 



noun.::::.:::: RmKu-d dynamic \".:n 

0000.3333.3333 Forward DYNAMIC V130 



To test the confh'uration: 
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On SW 1 

BB2*Ping23::3 

Type escape sequence to abort. 

Sending 5 S 100-bytc ICMP Echos to 23::3, timeout is 2 seconds: 

Success rate isO percent (O.'S) 

Note the above Ping failed but the following Ping worked, 

BB2*Ping ipx ABCD. 0000.3333.3333 

Tvpc escape sequence to abort. 

Sending 5, 100-bytc IPX Novell Echoes to ABCD. 0000.3333.3333, timeout is2 seconds: 

Mill 

Success rate is 1(10 percent (5'5), round- trip min/avg'max = 1/2/4 ms 



Task 5 



Configure Rl based on the following chart: 



Router 



Interface 



IPX Net 

address 



IPv6 

Address 



VLAN 



Mac -address 



R 



Fast Ethernet 



ABCD 



64 



DclLiu'.l 



0000. 



On Kl 

R 1 (c o n fig)# ipx ro uti ng 

Rli;config)#intfO/0 
R! (con fig- if)#mac -address 
Rli;eonfig-ii>mac-addrcss(X)00. 1 1 I 
Rl (config-if)#ipx Network ABCD 
Rl (config-iiyipv6 address 23:: 1/64 
Rlfconfig-if)#no shut 

On SW I 



SWl (config)#intcrfacc fG'O 
SWUconfie-ifWno Shut 
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S W 1 (c o nfig)#in t v Ian I 

SW1 (config-if)#brk]gc-group 1 

SW1 (config-if)r*no shut 

To test the configuration: 
On Kl 

Ripping ipx abcd.0000.2222.2222 

Type escape sequence to abort. 

Sending 5, 100-bytc IPX Novell Echoes to ABCD. 0000.2222.2222, timeout is 2 

seconds: 



Success rate is 100 percent (5/5), round-trip min/avg max = 1/1/4 ms 



To verity the configuration: 



OnSWl 



SWl#Show bridge 



Br Group Mac Address State Type Ports 

I MOO. I I I 1. 1 1 I I Forward DYNAMIC Vll 

I 0000.2222.2222 Forward DYNAMIC V120 

I 0000.3333.3333 Forward DYNAMIC V130 



task 6 

Erase the startup configuration on the routers. Switches and reload them before 
proceeding to the next task. 
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Lab 8 
Multiple Spanning Trees (802.1s) 



Task I 

The first Catalyst switch should be configured with a hostname of Cat- 1 and the second 
Catalyst should have a hostname of Cat-2. 



On the first Switch 

Switch(contig)#Hostnamc Cat- 1 

On the Second Switch 

S wile h(co n tig )#Ho stnamc Cat-2 



Task 2 



Configure ports FO/2 1-24 on Cat-! and Cat-2 in shutdown state. 



On Both Switches 

Cat-2(config)#int range FO/2 1-24 
C at - 2i c o n tig- i f-r an ge)#S hu t 



Task 3 

Ports F0 1 9-20 on both switches should be in trunking mode, these ports should use an 
industry standard protocol to establish the trunk. 



On Both Switches: 



(coniig)#int range fO'l 9-20 
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(conlig-il-rangc)#S\vitchport trunk encapsulation dotlq 
Cat-Hconiig-if-range^S^itchport mode trunk 



Task 4 

Create VLAXs 12. 34. 56. and 90 on Cat- 1 and ensure that these VLANs arc propagated 
to Cat -2 via VTP messages. 



On Cat-1 




Cat- l(config)#vlan 12,34,56,90 




Cat- l(coniig-vlan)#cxit 




To verify the configuration : 




On Cat-1 




Cat- l#Sh vlan hr exc unsup 




V L AN N aine S t at us 


Ports 


I default active 


FaD/I t FaG/2 t FaQ/3 t FaD/4 




FaO/5, Fa0/6, Fa0/9, FaO/ 10 




FaO'll,FaO/12, FaO 13, FaD/14 




FaO 15, FaO 16, FaO 17, FaO/ 18 




FaO/ 19, FaO 20, FaO 23, FaO/ 24 




GK)/l r GiO/2 


12 YLAN0012 active 




34 VLAN0034 active 




56 VLAN0056 active 




90 VLAN0090 active 




On Cat-2 




Cat-2#Sh vlan br exc unsup 




V L AN Name S tat us 


Ports 


1 default active 


FaO/l,FaO/2, FaO/3, FaO/4 




FaO: 5, FaO 6, FaO 9, FaO 10 
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FaO II, FaO 12, FaO, 13, FaO.T4 
FaO / 1 5, FaO- 1 6 9 FaO/17, FaO/18 
FaO.T9, FaD/20, FaD/23, FaD/24 
G 10/1,010/2 

Note none of the switches are in VTP transparent mode, and yet the VLANs are not 
getting propagated from Cat-1 to Cat- 2. This is because the VTP domain name is 
not configured, if the VTP domain name is not configured, the switches \*ill NOT 
propagate their VLAN information across the trunk links. For the purpose of this 
lab VTP domain name of *"TST'" is treated so Cat-1 propagates the VLAN 
information to Cat- 2. 

On Cat-1 



Cat-l(config)#vtp domain TST 

Note the above command configures a VTP domain name, if the other switch does 
not have a domain name configured and a trunk has been established between the 
two switches, Cat-1 will convey the domain name \ia VTP messages and the two 
switches will synch up their VLAN information based on the highest \TP rev 
number. In this task, since a name has not been specified, a domain name of "1ST" 
has been configured. 



To verify the configuration: 



On Cat-2 

Cat-2~Sh vian brief 1 cxc tin sup 

VLAN Name Status Ports 

1 default 



12 VLAN0012 

34 VLAN0034 

56 VLAN0056 

90 VLAN0090 



active FaO. I , FaO 2, FaO 3, FaO/4 
FaO ,'5, FaO 6, FaO ,9, FaO/10 
FaO/ 1 1 , FaO/ 1 2, FaO/ 1 3, FaO/ 1 4 
Fall 15, FaO/16, FaO.T7, FaO/18 
FaO /1 9, FaO '20, FaO/23, FaO/24 
GiO/l,GiO/2 

active 

active 

active 

active 
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Task 5 

Configure all the ports except FQ 1 9 and FO/20 in shutdown mode. 






On Both Switches 

Cat-x(coniig)#int range ft) 1-18 , FO/21-24 
Cat - xf co n tig- i f-r an gc ) U S hu t 






Task 6 

Configure Multi-instance of Spanning Tree on these two switches using the follows 
policy: 

1 . There should he two instances of STP, instance 1 and 2 

2. The revision number should be 1 

3. The MST region name should be "CC IE" 

4. Instance 1 should handle VLAXs 12 and 34 

5. Instance 2 should handle VLAN 56 

6. All future VLAXs should use instance 

7. Instance 1 should use FQ'19 

8. Instance 2 should use FO/20 

9. Cat-I should be the rcx.it bridge for the first instance 

10. Cat -2 should be the root bridge for the second instance 








On Both Switches 

The default mode for spanning-tree is PVST, the output off the following Shorn 
command verifies this information: 

#Show spanning- tree summary The default mode of Spanning-tree 

Suit eh is in pvst mode 

Root bridge for: none 

Extended system ID is enabled 

( The rest of the output is omitted) 

On Both Su itches 
(config^Spanning-tree mode mst 
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This command enables and changes (he mode of the spanning-tree on the snitch 
to MST. 

To verify the configuration: 

On Both Switches: 

^Sh spanning- tree sum 

Snitch is in mst mode (IEEE Standard) 
i The rest of the output is omitted) 

To configure MST on the switches: 

On Both Switches: 

iconfig^Spanning-trcc mst configuration 

The above command enters the MST configuration mode 

(confjg-msOnRcviskm 1 

The above command sets the MST configuration revision number to 1. The range 
for this number is 1-65535. 

lconfig-mst)#N~amc OCIE 

The above command configured the name of the region to be "CCIE" 

(config-mst)#lnstancc 1 vlan 12,34 
( co nfig-mst)# Instance 2 vlan 56 
( c o nfig- mst)#cx it 

MST supports 16 instances, once the spanning-tree mode is changed to MST and 
the MST configuration mode is entered, instance is created and all VLANs are 
mapped to that instance. The above commands map the requested VLANVs to the 
specified instances, and by default all the future VLANs or VLAN/s that are not 
statically mapped to a given instance will be assigned to instance 0, instance is 
the Catch all instance. 

To verify this configuration: 
On both Switches 
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ftShow spanmng-trec mst config unit ion 

Name [CCIEJ 

Rev i sio n I ] nsta nc es Co n figu red 3 

] nst ance V la ns m ap p cd 

1- 1 U 1 3-3335-55, 57-4094 

1 12,34 

2 56 



To Verify the configuration before configuring the next portion of the 

task: 

On Cat-1 

Cat- lf*Sho\v spanning-trcc bridge 

Hello Max Fwd 
MST Instance Bridge ID Time Age Dly Protocol 



20 


15 


mstp 


20 


15 


mstp 


20 


15 


mstp 



MSTO 32768(32768, 0) 0015.639d.5880 2 

MSTI 32769(32768, 1) 0015.639d.5880 2 

MST2 32770(32768, 2) 0015.639d.5880 2 

Note this, command displays the BID for your snitch (This, is NOT the BID of the 
root Bridge), and instead of assigning a BID to each VI. AN, there is a BID for 
each instance, the priority is incremented based on the instance number, this is 
the only time that \»e see a priority value of 32768 assigned to a VI. AN or a group 
ofVLAVs. 

To see the root bridge tor a gjyen instance: 

On Cat-1 

Cat- lSShow spanning- tree mot 

Root Hello Max Fwd 

MST Instance Root ID Cost Time Age Dly Root Port 

MSTO 32768 0015.639d.5880 2 20 15 

MSTI 32769 (H115.639d.5880 2 20 15 

MST2 32770 (K115.639d.5880 2 20 15 

On Cat-2 
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: 


20 


15 


FQ 19 


2 


20 


15 


F0T9 


-» 


20 


15 


FQT9 



Cat-2ffShow spanning-trcc root 

Root Hello Max Fwd 

MST Instance Root ID Cost Time Age Dly Root Port 

MSTO 32768 00 1 5. 63 9d. 5880 

MST I 32769 00 1 5. 63 9d 5880 200000 

MST 2 32770 00 1 5. 63 9d 5880 200000 

The above command displays the BID ol the root bridge lor different instances. 
The output may vary based on the Switch's BID. 

Enter the following command to see which switch has a BID value of 
"0015.639d.5880": 

Cat-l"Sh version 1 Inc Base cthcrnct 

Base ethernet MAC Address : 0015:fi39D:5880 

On Cat-1 

Cat-lfconfig^Sparining-trcc mst 1 priority 
Cat- l(conlig)#Sp arming-tree mst 2 priority 4096 

On Cat-2 

Cat-2(config)#Sparining-trcc mst 1 priority 4096 
Cat-2(config)ffSparming-trcc mst 2 priority 

The above commands will change the switch priority such that Cat-1 will be 

chosen as the root switch for instance 1 and Cat-2 will be chosen as the runt 

bridge for instance 2. 

By default the "Spanning-tree extend system-id"" is configured as part of your 

startup configuration, because the extended system id is set, the priority must be 

configured in increments of 4096. Remember the lower value has higher 

preference. 

To verify the configuration: 

On Cat-1 

Cat- Iff Show spanning root 

Root Hello Max Fwd 
MST Instance Root ID Cost Time Age Dly Root Port 



CHE R&«* by Nai-Mk KucharLans Advanced CC1E R&S Work Book 2.0 Page 243 of 1068 

C2Q09 Mar bib Kucharuni. AH rijjhU reserved 



MSTO 


32768 


MST1 


1 


MST2 


: 



00I5.639d.5880 2 20 15 

0015.639d.5880 2 20 15 

001c.i901.3d80 200000 2 20 15 FaO/19 

The local switch (Cat-1) is the root bridge for instance and 1 (This may be 
different based on your s\> itch's BID). The column that specifies the Root ID 
shows the priority lor MSTI and MST2 as 1 and 2 respectively, the priority is the 
sum of instance number plus the Priority. Remember that this switch's priority 
is set to zero. 

Note this switch is not the root for MST2. Another indication that it is not the 
root for instance 2 is the mot port, remember that the root bridge does not have 
any ports set as root lor the \ LANs or in this case Instances that it's the root 
bridge for. 

On Cat-2 

Cat-2ffShow spanning mot 

Root He llo Max Fwd 
M ST Instance Root ID Cost Time Age Dly Root Port 



MSTO 32768 0015.639d.5880 2 20 15 FaO/19 

MSTI I 00 15. 63 9d. 5880 200000 2 20 15 FaO/19 

MST2 2 001c.f901.3d80 2 20 15 

Note Cat-2 is the root bridge for instance 2, whereas, Cat-1 is the root for MST 
instances of and 1. 

To configure the last portion of this task, the existing state is displayed in the 

output of the following show command: 

On Cat-1 

Cat- IffShow spanning int ft) " 1 9 

Mst Instance Role Sts Cost Prio.Nbr Type 

MSTO Dcsg FWD 200000 128.21 P2p 

MSTI Dcsg FWD 200000 128.21 P2p 

MST2 Root FWD 200000 128.21 P2p 

Cat- Iff Show spanning int fll'20 

Mst Instance Role Sts Cost Prio.Nbr Type 
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MSTO 


Dcsg 


FWD 200000 


128.22 P2p 


MST1 


Desg 


FWD 200000 


128.22 P2p 


MST2 


A. in 


BLK 200000 


128.22 P2p 


On Cat-2 








Cat-2#Shmv 


spanning int 10 19 




Mst Instance 


Role 


Sts Cost 


Prio.Nbr Type 


MSTO 


Root 


FWD 200000 


128JZ1 P2p 


MST1 


Root 


FWD 200000 


128.21 P2p 


MST2 


Dcsa 


FWD 200000 


128.21 P2p 



Cat-2#Show spanning int f0'20 

Mst Instance Role Sts Cost Prio.Nbr Type 

MSTO Altn BLK 3)0000 128.22 P2p 

MST I Altn BLK 200000 128.22 P2p 

MST2 Dcsg FWD 200000 128.22 P2p 

Note based on the output of the above Show commands, traffic for all MST 
instances take port F0T9 and none of the instances are using port ID.' 20. 
To configure items 7 and 8, port-priority command is used as follows: 

On Both switches 

(coniig)#JntFfl.i9 

(config-ifj^Spanning-trcc mst I port-priority High prior ity 

('coniig-if)# Spanning- tree mst 2 port-priority 128 

(config)#[nt F(V20 

(config-ifj^S panning- tree mst 1 port-priority 128, 
(coniig-itVSpanning-trce mst 2 port-priority 0' 

In this task Port-priority is used when selecting an interface to put into the 
forwarding state for a given instance: a lower value has a higher priority. 
In this case port FO/19 xrill be used by all the VLANs that are assigned to 
instances & 1, because it has a higher priority (Lower value), and instance 2 
will use port F0'2(l because it has been configured with a higher priority (Lower 
value). 
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To vL'ritv the configuration : 




On Cat-1 






Cat-l#Show spanning-trcc int fD.-*" 1 Q 






Mst Instance Role Sts Cost Pr.o.Xbr Type 




MSTO Dcsg FWD 200000 128.21 P2p 
MSTl Dcsg FWD 200000 0.21 P2p 
MST2 Altn BLK 200000 128.21 P2p 




Cat- L#Sh spanning-trcc int fl). 20 






Mst Instance Role Sts Cost Prio.Xbr Type 






MSTO Dcsg FWD 200000 128.22 P2p 
MSTl Dcsg FWD 200000 128.22 P2p 
MST2 Root FWD 200000 0.22 P2p 






On Cat-2 






Cat-2#Sho\v spanning-trcc int ID IS 1 






Mst Instance Role Sts Cost Pr.o.Xbr Type 




MSTO Root FWD 200000 128.21 P2p 
MSTl Root FWD 200000 0.21 P2p 
MST2 Dcsg FWD 200000 128.21 P2p 




Cat-2*Sh spanninL'-trcc int fll'20 






Mst Instance Role Sts Cost Pr.o.Xbr Type 




MSTO Altn BLK 200000 128.22 P2p 
MSTl Altn BLK 200000 128.22 P2p 
MST2 Dcsg FWD 200000 0.22 P2p 




Note insl antes & 1 use port F(1'19 whereas, instance 2 uses port HV20. 
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Task 6 

Erase the startup configuration and vlan.dat before proceeding to the next lab 
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Lab 9 
Private VLANs 






Task I 

The first switch should be configured with a hostname of SW1 and the second switch 
should be configured with a hostname of SW2 








On the First Switch 
Switch(config)#Hostnamc SVV 1 
On the Second Switch 
Switch(config)#Hostnamc SW2 






Task 2 

Shutdown ports FO/21-24 on SW1 and SW2 






On Both Switches: 

(config^int range fCl 2 1 -24 
(co nfig- i f-rangc)#sh u t 






Task 3 

Configure trunking between SWI and SW2 using ports FQ 19 and FO 20. Use an industry 
standard trunking protocol tor this purpose. Assign a brief meaningful description to 
these interfaces. 






On Both Switches 

S\Vxi;config)#]ntcrfacc range It) 19-20 
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SWx(config-il-range)#S witch trunk cncap dot! q 
S\Vx(config-if-rangc)#Switch mode trunk 
SYVx(config-if-range)#Dcscriptk>n Trunk to SWx 

Note you should replace the "x" on "SWx" in the description with the appropriate 
Switch number. 

————————— R eco m m en d a ti Oil— — — — — — — 

II tht; description is configured lor each interlace, the output ol the "Show interlace 
status'" can help understand the topology of the I ah. 

'i'o verify the configuration: 

On SW I 

SWlftShow int trunk 

Po rt Mod c E nc ap su latkj n Statu s N at i vc v Ian 

FaO/ 1 9 on 802. lq trunking I 

FaO/20 on 802. lq trunking 1 

Port Vlans allowed on trunk 

FaO 19 1-4094 
FaO 20 1-4094 

Port Vlans allowed and active in management domain 

FaO 19 1 
1/20 I 



Port Vlans in spanning tree forwarding state and not pained 

FaO; 1 9 I 
FaO/20 none 

On SW 2 

SWZftShmv int trunk 

Port Mode Encapsulation Status Native vlan 

FaO 19 on 802. lq trunking I 

FaO/20 on 802. lq trunking 1 

Port Mans allowed on trunk 

FaO 19 1-4094 
FaO/20 1 -4094 
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Port Vlans allowed and active in management domain 
FaO. 19 1 
FaO/20 I 

Port Vlans in spanning tree forwarding state and not pruned 
FaO' 19 I 
FaO/20 1 






Task 4 

Assign IP addressing to the interlace of the routers using the following chart and ensure 
that these routers can ping each other: You should assign a brief meaningful interface 
description on the switchports. 






Router 


Interface 


IP address and Subnet mask 




Rl 


F0 


200. 1. I.I 24 


r: 


FO 


200.1.1.2 24 


R3 


FO-'l 


200.1.1.3 24 


R4 


F00 


200.1.1.4 24 


R5 


FC»-'l 


200.1.1.5 '24 


R6 


FWl 


200.1.1.6 24 


E3B1 


F(M 


200.1.1.7 24 


BB2 


FO 


200.1.1.8 24 


BB3 


FO 


200.1.1.9 24 










On KI 

Rlfconfig)#]nt FO'O 

Rl (config-if)#Ip address 200. 1.1.1 255.255255.0 

R 1 (con fig- it>No shut 

On R2 

R2(config)#lnt F0/0 

R2(config-if)#]p address 200. 1.1.2 255.255255.0 

R2(config-ii>No shut 

On R3 

R3(conf]g)*]nt F0/1 
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R3(config-if)f*lp address 
R3(config-ityNo shut 


200.1.1 


.3 255.255.255.0 


On R4 








R4(config)Mnt FO 
R4(eonfig-if)#]p address 
R4(config-if)#Na shut 


200.1.] 


4 ?S S 7SS i 


"0 


On R5 








R5(config)#IntF0/l 
R5(cc)nfig-if)#]p address 
R5(config-if)#No shut 


200.1.1 


.5 255.255.2 


55.0 


On R6 








R6(config)#IntF0/l 
R6fconfig-if)rr ]p address 
R6(config-if)# "So shut 


200.1.1 


.6 255.255.. 


Z55.0 


On BB1 








BBl(contlg)#IntFO/! 

BB 1 (config-if)* Ip address 200.1 

BB1 (eonfig-if)# No shut 


] 7 7SS 75* 


5 ?55 


On BB2 








BB2(contlg)#intFCW3 
BB2(config-ii>ip address 200.1. 
BB2(config-it>Xo shut 


1.8 255.255 


255.0 


On BB3 








BB3(eonfig)#intF(W 
BB3(contlg-if)#ip address 200.1 . 
B B 3 (co n fig- it>No s hu t 


1.9 255.255 


255.0 


On SW1 








S\Vl(config)#lntF0 1 
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S W 1 (c o nfig- i t>D t; SC ri p li on R 1' s WW Q 

SWI (config)#Int F0'2 
SWl(config-if)#De«cription R2"s FD/D 

SWI (config)#Int range FO/3 , FQ-5-9 , FQ/12-18 , FO/21-24 
SWI (config-if-range)#Dt!si:ription — 

SWI (config)#Int FQ'4 

SWI (config-iiWe-sc ription R4 ? s FO/fl 

SWl(config)«iitF(yi2 

SWI (config-if)#Desi: ription BBTs FWO 

SWl(config)#lntFG'13 

SWI (config-if)#Dt;si: ription BB3 ? s FO/H 

SWI (ccmfig)#Int range FQ-'l 9-20 
SWl(config-if-rangc)#Desi:riptmn Trunk to SW2 

On SW2 

SW2(config)#Im range FO/1-2 ,F0/4 , FQ ; 1 0-18 ,FQ/2 1-24 
S W2 (c o nfig- i f-range)#D e s t; ri p li cm -- ■ 

SW2(config)#Int FQ'3 

S W2 (c o nfig- i i>D a SC ri p li o n R3 ' s WW 1 

SW2(config)#Int FO/5 

S W2 (c fl nfig- if|#Dese ri p ti o n RS's FO/1 

SW2(config)#Int FQ''6 
SWZfconfig-itWescriplion Rfi*s FW1 

SW2(config)#lntFQ/ll 
S\V2(config-ii>DBsc ription BBTs Ffl/1 

SW2(config)#lnt range FQ'l 9-20 
SW2(config-if-range)#D esc ription Trunk to SWI 

To test and verify the configuration: 
On RI 
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RlsPing 200.1.1.2 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echosto 200. 1. 1.2, timeout is2 seconds: 

Success rate is 100 percent (5/5), round-trip min.'avg max = 1/2/4 ms 

Rl*Ping 200.1.1.3 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echosto 200. 1. 1.3, timeout is 2 seconds: 



Success rate is 100 percent (5/5), round-trip min/avy/max = 1/2/4 ms 

Rl^Ping 200. 1.1.4 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1. 1.4, timeout is 2 seconds: 



Success rate is 100 percent (5/5), round-trip min.'avg max = 1/2/4 ms 

Rl#Fing200.L1.5 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1.1.5, timeout is 2 seconds: 

Mill 

Success rate is 100 percent (5/5), round-trip min.'avg'max = 1/2/4 ms 

Rl*Ping 200.1.1.6 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1.1.6, timeout is 2 seconds: 

lllll 

Success rate is 100 percent (5/5), round- trip min.'avg'max = 1/2/4 ms 

Rl*Ping 200.1.1.7 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1.1.7, timeout is 2 seconds: 



Success rate is 100 percent (5/5), round-trip min.'avg'max = 1/2/4 ms 

Rl*Ping 200.1.1.8 

Type escape sequence to abort. 
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Sending 5, 100-bytc ICMP Echos to 200. 1. 1.8, timeout is 2 seconds: 

(MM 

Success rate is 100 percent (5/5), round-trip min.'avg'max = 1/2/4 ms 

RljPjjjg 200.1.1.9 

Type, escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1.1.9, timeout is 2 seconds: 

I M M 

Success rate is 100 percent (5/5), round-trip min.'avg'max = 1/2/4 ms 



Task 5 

Configure the switches such that the ports that arc not used arc in administratively down 
state. Use minimum number of commands for this task. 



On S\\ 1 










SW1 (config)#int range FO/3 , FO/5 , FO/10, F0 '14-18 , 


FO/21-2 


4 


SW1 (config-if-rangc)* 


'Shut 








To verify the ctinf 


miration: 








On S\\ 1 




SWl#Sh int status 










Port 


Name 


Status 1 


Ian Duplex Speet 


Type 


FaO/1 


Rl'sFO'O 


connected 


1 a- full 


a- 100 


10/lOOBascTX 


FaO/2 


r: s fq'O 


connected 


1 a-tlill 


a- 100 


10/ 100BaseTX 


FaO/3 


-- 


disabled 


1 auto 


auto 


10/ 100BaseTX 


FaO/4 


R4's FG'O 


connected 


I a-full 


a- 100 


10. 100BaseTX 


FaO/5 


.. 


disabled 


auto 


auto 


10." 100BaseTX 


Fa0'6 


,. 


disabled 


auto 


auto 


10 -100BaseTX 


FaO " 


_. 


disabled 


auto 


auto 


10 "100BaseTX 


FaO 8 


.. 


disabled 


auto 


auto 


10; 100BaseTX 


FaO/9 


~ 


disabled 


auto 


auto 


10/ 100BaseTX 


FaO/ 10 


— 


disabled 1 


a- lull 


a- 100 


10: 100BaseTX 


FaO/ 11 


BBl'sFO-0 


connected 


a- lull 


a- 100 


10 100BaseTX 
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Fat)/ 12 BB2's FO/0 


disabled 1 


auto 


auto 


10- 100BaseTX 








FaO/13 BB3'sF0/0 


disabled 1 


auto 


auto 


10- 100BaseTX 








FaO/14 -- 


disabled 1 


auto 


auto 


10 100BaseTX 








Fa0/15 - 


disabled 1 


auto 


auto 


10; 100BaseTX 








FaO/16 -- 


disabled 1 


auto 


auto 


10; 100BaseTX 








FaO/17 -- 


disabled 1 


auto 


auto 


10 ■100BaseTX 








FiiO/18 -- 


disabled 1 


auto 


auto 


lO.TOOBascTX 








FaO/19 Trunk!:. S "A 2 


connected trunk 


a- mil 


a- 100 


10/ 100BaseTX 








FaD/20 TranktoSW2 


connected trunk 


a-full 


a- 100 


10 100BaseTX 








FaD/21 -- 


disabled 1 


auto 


auto 


10/ 100BaseTX 








FaO/22 -- 


disabled 1 


auto 


auto 


lO.TOOBascTX 








Fa0/23 -- 


disabled 1 


auto 


auto 


10 100BaseTX 








FaO/24 -- 


disabled 1 


auto 


auto 


10; 100BaseTX 








On SW 2 
















S\V2(config)#int range FO/1-2 , FO/4 , FO/8-10, FO'12- 


18 .FW2I-24 








S\V2(config-ifl#Shut 
















To verify the configuration: 














On SW2 
















SW2#Sh int status 
















Port Name 


Status Vlan 


Duplex Speed 


Type 








FaOT - 


connected 1 


a- mil 


a- 1 00 


Hi' 100BaseTX 








FaO/2 ■■ 


connected 1 


a-full 


a- 100 


10. 100BaseTX 








FaO/3 R3'sF0/l 


disabled 1 


auto 


auto 


10; 100BaseTX 








FaO/4 - 


connected 1 


a- mil 


a- 100 


lO.TOOBascTX 








FaO/5 R5\s FO/1 


disabled 1 


auto 


auto 


lO.TOOBascTX 








FaO/6 Rfi'sPOVl 


disabled 1 


auto 


auto 


lO.TOOBascTX 








FaO/7 » 


disabled 1 


auto 


auto 


10/1 00 Base TX 








FaO/8 - 


disabled 1 


auto 


auto 


10/ 100BaseTX 








FaO/9 - 


disabled 1 


auto 


auto 


10^ 100BaseTX 








FaO.TO - 


connected 1 


a-full 


a- 100 


lO.TOOBascTX 








FaOTl BBl'sFD/O 


connected 1 


a- mil 


a- 100 


lO.TOOBascTX 








FaOT 2 - 


disabled 1 


auto 


auto 


lO.TOOBascTX 








FaOT 3 -- 


disabled 1 


auto 


auto 


10/1 00 Base TX 








FaO/14 -- 


disabled 1 


auto 


auto 


10/100BascTX 








FaOT 5 -- 


disabled 1 


auto 


auto 


10/ 100BaseTX 








FaOT 6 -- 


disabled 1 


auto 


auto 


lO.TOOBascTX 








FaO/17 -- 


disabled 1 


auto 


auto 


10/1 00 Base TX 








FaO 18 -- 


disabled 1 


auto 


auto 


10/1 00 Base TX 
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FaO/19 


Trunk to SW2 connected 


trunk 


a- Hill a- 100 


lOTOOBascTX 


FaO/20 


Trunk to S W2 co nn ec ted 


trunk 


a- foil a- 100 


10/lOOBascTX 


FaO/21 


disabled 


i 


auto 


auto 


10/ 100BaseTX 


FaD/22 


disabled 


1 


auto 


auto 


10. 100BaseTX 


FaQ/23 


disabled 


1 


auto 


auto 


10/ 100BaseTX 


FaO/24 


disabled 


1 


auto 


auto 


lOTOOBascTX 


Note th 


e interface description can be ex 


remely helpf 


ul spec 


ally if the switches are 


configu 


red in transparent mode. 


and' or 


the task asks 


for the 


configuration of 


allowed VLANs on the trunks. 











Task 6 



Configure Private VLANs based on the following policy: 



Router 


Interface 


VLAN- Type 


\ LAN-ID 


Rl 


FII/0 


Primary 


in 


R2 


PO/fl 


Co mm unitv 


20 


R3 


PO/1 


Community 


20 


R4 


FO'O 


Community 


30 


R5 


F0/1 


Community 


3ii 


R6 


FO/ 1 


Isolated 


40 


BB1 


Foy i 


Isolated 


40 


BB2 


PO/0 


Isolated 








Isolated 





Private-VLANs are typically seen in service provider networks, this feature addresses 
two major problems that the providers used to face: 

1. N u rn b e r o f C li e n ts : If every client was in a VLAN of their own, the provider 
will be restricted to 4094 clients, which is the maximum number of VLANs 
on a given switch. 

2. Routing between VLAN>i >&■ IP addressing: Routing between VLANs will be a 
nightmare, and the number of wasted IP addresses that result from 

Submitting will be enormous, 

Private-VLANs solves these two issues, with Private-VLANs a VLAN is sub-divided into 
sub- VLANs or sub- do mains. 
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Private- VLANs consist of one primary', and one or more secondary VLANs, the 
secondary VLANs can be either Community VLANs or Isolated VLANs. 

A Primary VLAN can have many Community VLANs, but it can ONLY have a 
Single Isolated VLAN. 

Ports in a Private- VLAN: 

There are three types of ports in Private-VLAN and they are as follows: 

1. Promiscuous : A promiscuous port belongs to the primary VLAN: this port 
can communicate with all ports that are member of a secondary VLAN/8 
(Community and'' or Isolated) that are associated with the primary VLAN 
that it belongs. 

2. Isolated : An isolated port is a host port that belongs to an isolated secondary 
VLAN. The host ports that are member of a given Isolated VLAN can NOT 
Communicate with each other. These ports can ONLY' communicate with the 
Port configured as Promiscuous port. 

3. Community : A community port is a host port that belongs to a community 
Secondary \ LAN. Community ports can communicate with ports in the same 
Community VLAN and with the port that is configured as promiscuous ports. 
These ports can't Communicate with other ports in other Community VLANs. 

On Both Switches: 

In order to configure private-vlans, the switches must be configured in Transparent 
mode as follows: 

(config)#vtp mode transparent 

The following commands configures the primary VLAN 

iconi:g)-\lan 10 

(config-vlan)#private-vlan primary 
( co nfig- v Ian )#E x i t 

The following tv»o VLAVs are defined as the community secondary VLANs, there could 
be many community VLANs: 

(config)#vlan 2(1 
(conlig-vlan)nprivate-vlan community 
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i;coniig)#vlan 3(1 

( co nlig- vlan )f*priv ate- vlan community 

There can ONLY' be one isolated secondary VI. AN: 

(confag)#vlan 40 

( c onfig- v Ian )f*pri\ ate- vlan isolated 

The following command associates the secondary \ LANs to the primary: 

(config)#vlan 1 CI 

(conJig-vlan)rrprivate-\lan association add 20,30,40 

To verify the conf'iauration: 

On Both Switches: 

SWjcgSjjgw vlan private- vlan 

Primary Secondary Type Ports 

10 20 community 

10 30 community 

1 40 isolated 

The output off the above show command displays the secondary VLANs that are created 
so far and the primary VLAN to which they are associated. 

OnSWl 

The following command sets F0/1 interface in promiscuous mode, assigns the port to 
primary VLAN 10 and maps VLANs 20, 30 and 40 to this interface: 

S\Vl(config)#lntF0/l 

SW1 (config- iiV* Switch port mode private- vlan promiscuous 

SW1 (co nfig-if)* Switch port private- vlan mapping 10 2030,40 

The ports that belong to a given secondary VLAN must be configured in host mode. The 
following command sets FO'2 interface in a host mode, associates this port to VLAN 10 
(The primary VLAN) and assigns this port to VLAN 20 which was configured as a 
community secondary VLAN earlier: 

SWl(config-ii>]ntF0/2 

S VV 1 (c o nfig- i fjjj Sw i t ch p o rt m o d e p r iv a t e- v 1 an host 
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S W 1 (c o nfig- i tV* Sw i t eh p o rt p ri\ a t e- v la n h o st -a ssoc i a t i o n 1 (I 2 

The following command sets HI/4 interface in a host mode, associates this port to VLAN 
10 (The primary VLAN) and assigns this port to VLAN" 3(1 which was configured as a 
community secondary VLAN earlien 

S\V](config-ii>]ntF0/4 

S W 1 (c o nfig- i f)?* Sw i t ch p o rt m o d e p r iv a t e- \ I an h o st 

S \V 1 (c o nfig- i i)n s w i t ch p o rt pr iv a t e- v la n ho st - a ssoc i a t i on 1 30 

The following command sets HI/ 11 and FO'12 interfaces in a host mode, associates these 
ports to VLAN 10 (The primary VLAN) and assigns these ports to VLAN 4(1 which was 
configured as an isolated secondary VLAN earlier 

SW1 (config)#l nt range HI' 11-12 

SW1 (co nfig- if)?* Switch port mode private- v Ian host 

S YV1 (config-if>Sw itch port private-vlan host -association 10 40 

To verify the configuration: 



On SW I 

SWl*Sh vlan pri 

Primary Secondary Type Ports 



10 20 community FaOT, Fa0/2 

10 30 community FaO.'l,FaO/4 

10 40 isolated FaD/1, Fa0/ll, FaD/12 

On SW2 

SW2(config)*Int F0/3 

S \V2 (c o nfig- if)#Sw itch port mode private-vlan host 

S\V2(config-if)f#Sw itch port private-vlan host -association 10 20 

SW2(config)#lntF0/5 

SW2(config-if)#Sw itch port mode private-vlan host 

S\V2(config-if)?*Sw itch port private-vlan host -association 10 30 

SW2(config)*lnt range FO/6 , Fll/l 1 

S W2 (c o nfig- it)n Switch port mode private-vlan host 

S\V2(config-ii)? f switchport private-vlan host-association 10 40 
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To verify the configuration: 

On SW2 

S\V2ttS how vlan privatc-vlan 

Primary Secondary Type Ports 



10 20 community FaO 2 

10 30 community FaO/5 

10 40 isolated Fa0/6 S FaO/H 

To test the configuration: 

On Rl 

Rl*Ping 200.1.1.2 

Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echosto 20O.LL2, timeout is 2 seconds: 



Success rate is 100 percent (5/5), round-trip min/avgrnax = 1/1/4 ms 

RlftPing 200.1.1.3 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echosto 200. 1. 1.3, timeout is 2 seconds: 



Success rate is 100 percent (5/5), round- trip min/avg max = 1/2/4 ms 
RlfrPing 200. 1.1.4 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1. 1.4, timeout is 2 seconds: 

MMI 

Success rate is 100 percent (5/5), round-trip min/avg'max = 1/2/4 ms 
RlftPing 200.1.1.5 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1.1.5, timeout is I seconds: 



Success rate is 100 percent (5/5), round-trip min/avg max = 1/2/4 ms 
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Rl*Ping 200.1.1.6 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1.1.6, timeout is 2 seconds: 

Success rate is 100 percent (5/5), round-trip min/avg max = 1/2/4 ms 

Rigging 200.1.1.7 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1.1,7, timeout is 2 seconds: 



Success rate is 100 percent (5/5), round-trip min/avg'max = 1/2/4 ms 

Rigging 200. 1.1.8 

Type escape sequence to abort. 

Sending 5 , 100-bytc ICMP Echos to 200. 1. 1.8, timeout is 2 seconds: 



Success rate is 100 percent (5'5), round-trip min/avg max = 1/2/4 ms 

Rl#Ping 200.1.1.9 

Type escape sequence to abort. 

Sending 5 S 100-bytc ICMP Echos to 200. 1.1.9, timeout is 2 seconds: 

Success rate is 100 percent (5/5), round-trip min/avg'max = 1/2/4 ms 

Note Rl is able to ping all routers because it is eon figured to be in promiscuous mode, 
this in ted ace can bethought of as the default gateway. 

On R2 

R2*Pina 200. I.I.I 



Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1.1.1, timeout is 2 seconds: 



Success rate is 100 percent (5/5), round-trip min/avg max = 1/1/4 ms 

R2*Ping 200.1.1.3 

Type escape sequence to abort. 
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Sending 5, 100-bytclCMP Echosto 200. 1.1.5, timeout is 2 seconds: 

(MM 








Success rate is 100 percent (5/5), round-trip min/avg'max = 1/1/4 ms 








Note R2 is able to ping Rl nhich is the port in the primary VLAN 

same community VLAN. 


and R3 which is in the 






R2#PinK 200.1.1.4 








Type escape sequence to abort. 

Sending 5, 100-bytclCMP Echosto 200.1.1.4, timeout is 2 seconds: 








Success rate is percent (0/5) 








R2*Ping 200.1.1.5 








Type escape sequence to abort. 

Sending 5, 100-bytclCMP Echosto 200.1.1.5, timeout is 2 seconds: 








Success rate is percent (0/5) 








R2#Ping 200.1.1.6 








Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echos to 200. 1.1.6, timeout is 2 seconds: 








Success rate is percent (0/5) 








R2*Ping 200.1.1.7 








Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echos to 200. 1. 1.7, timeout is 2 seconds: 








Success rate isO percent (0/5) 








R2*Pins 200.1.1.8 








Type escape sequence to abort. 

Sending 5, 100-bytc [CMP Echos to 200. 1.1.8, timeout is 2 seconds: 








Success rate isO percent (0/5) 








R2*Pin« 200.1.1.9 








Type escape sequence to abort. 
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Sending 5, 100-bytc ICMP Echos to 200. 1. 1.9, timeout is 2 seconds: 
Success rate is (1 percent (0/5) 

Note R2 was NOT able to ping the other routers because they are NOT in primary or in 

the same community secondary VLAN. 

On K3 

RgsPing 200.1.1.1 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1. 1. L timeout is 2 seconds: 

(MM 

Success rate is 100 percent (5*5), round- trip min/avg'max = 1/2/4 ms 
R3*Ping 200.1.1.2 

Type escape sequence to abort. 

Sending 5. 100-bytc ICMP Echos to 200. 1. L2, timeout is 2 seconds: 

VMM 

Success rate is 100 percent (5/5), round-trip min/avg'max - 1/1/4 ms 

Note 113 is able to ping Rl which is the port in primary VLAN and the router in its own 
community secondary VLAN, which is R2. 

R3g Ping 200.1.1.4 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1. 1.4, timeout is 2 seconds: 

Success rate is percent (0/5) 
R3#Pjjjg 200.1.1.5 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1. L5, timeout is 2 seconds: 

Success rate isO percent (0/5) 

R3#PJBg 200.1.1.6 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1.1.6, timeout is 2 seconds: 
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Success rate is I) percent (0/5) 

R3*Ping 200.1.1.7 

Type escape sequence to abort. 

Sending 5. 100-bytc 1CMP Echos to 200. 1.1.1 0. timeout is 2 seconds: 

Success rate is percent (0/5) 

R3*Ping 200. 1.1.8 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1. 1.6, timeout is 2 seconds: 

Success rate is percent (0/5) 

R3#Ping 200.1.1.9 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1.1.10, timeout is 2 seconds: 

Success rate is percent (0/5) 

Note 113 can NOT piny the other routers because they are in another secondary VLAN, 

On K4 

R4?Ping 200. 1.1.1 



Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1. 1. 1, timeout is 2 seconds: 

Mill 

Success rate is 100 percent (5/5), round-trip min.'avg'max = 1/2/4 ms 
R4#Ping 200. 1.1.5 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1. 1.5, timeout is 2 seconds: 

Mill 

Success rate is 100 percent (5/5), round- trip min.'avg'max = 1/1/4 ms 

Note R4 is able to ping Rl which is the port in primary VLAN and the router in its own 

community secondary VLAN, which is R5. 
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R4*Ping 200.1.1.2 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echosto 200. 1. 1.2, timeout is2 seconds: 

Success rate is (I percent (0/5) 

R4*Ping 200.1.1.3 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1. 1.5, timeout is 2 seconds: 

Success rate is (I percent (0/5) 

R4^Ping 200. 1.1.6 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1. 1.6, timeout is 2 seconds: 

Success rate is percent (0/5) 

R4*Ping 200.1.1.7 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1. 1.7, timeout is 2 seconds: 

Success rate is percent (0/5) 

R4#Ping 200.1.1.8 

Tvpc escape sequence to abort. 

Sending 5, 100-bytc ICMP Echosto 200.1.1.8, timeout is 2 seconds: 

Success rate is percent (0/5) 

R4*Ping 200.1.1.9 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1. 1.9, timeout is 2 seconds: 

Success rate is percent (0/5) 

Note R4 can NOT piny the other routers because they are in another secondary VLAN. 
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On R5 

R5*Ping 200.1.1.1 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echosto 200. 1, i. i, timeout is 2 seconds: 

Mill 

Success rate is 100 percent (5/5), round- trip min'avg'max = 1/2/4 ms 
R5#Ping 200.1.1.4 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1. 1.4, timeout is 2 seconds: 
i n H 

Success rate is 100 percent {515% round-trip min/avg. max = 1/2/4 ms 

Note R5 is able to ping Rl uhich is the port in primary VLAN and the router in its own 
community secondary VL.AX (R2). 

R5#Ping 200.1.12 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1. 13, timeout is 2 seconds: 

Success rate is percent (0/5) 

R5*Ping 200.1.13 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echosto 200. 1. 1.4, timeout is 2 seconds: 

Success rate is percent (0/5) 

R5*Ping 200.1.1.6 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1. 1.6, timeout is 2 seconds: 

Success rate is percent (0/5) 

R5*Ping 200.1.1.7 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echosto 200.1.1.7, timeout is 2 seconds: 
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Success rate is (I percent (0/5) 

R5#Ping 200.1.1.8 

Type escape sequence to abort. 

Sending 5. 100-bytc ICMP Echos to 200. 1. 1.8, timeout is 2 seconds: 



Success rate is percent (0/5) 

R5*Fing 200.1.1.9 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1. 1.9, timeout is 2 seconds: 



Success rate is percent (0/5) 

Note 115 can NOT piny the other routers because they are in another secondary VLAN. 

On R6 

R6*Ping 200.1.1.1 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1. 1. 1, timeout is 2 seconds: 



Success rate is 100 percent (5/5), round-trip min/avg'max = 1/1/4 ms 

Note R6 is able to ping Rl which is the port in primary VLAN but it can NOT ping any 
other router, even though BB1, BB2 and BB3 are in the same VLAN, but remember thai 
the VL\N is defined as isolated; the hosts in isolated VLAN do NOT have reachability 

to each other. 

R6*Ping 200.1.12 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1. 1.2, timeout is 2 seconds: 



Success rate isO percent (0/5) 

R6*Ping 200.1.13 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1.1.3, timeout is 2 seconds: 
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Success rate is (I percent (0/5) 

R6*Ping 200.1.1.4 

Type escape sequence to abort. 

Sending 5. 100-bytc ICMP Echos to 200. 1. 1.4, timeout is 2 seconds: 

Success rate is percent (0/5) 

R6*Ping 200.1.1.5 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1. 1.5, timeout is 2 seconds: 

Success rate is percent (0/5) 

R6*Ping 200. 1.1.7 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200.1. 1.7, timeout is 2 seconds: 

Success rate is percent (0/5) 

R6*Ping 200. 1.1.8 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200.1.1.8, timeout is 2 seconds: 

Success rate is percent (0/5) 

R6* Ping 200.1.1.9 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1.1.9, timeout is 2 seconds: 

Success rate isO percent (0/5) 

On BB1 

BBl*Ping 200.1.1.1 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1.1.1, timeout is 2 seconds: 
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Success rate is 100 percent (5/5), round-trip min/avg 'max = 1/1/4 ms 

Note BR1 is able to pint; Rl which is the port in primary VLAN hut it can NOT piny tiny 
other router, even though R6, BB2 and BB3 are in the same VLAN, hut remember that 
the VL\N is defined as an isolated secondary VLAN: the hosts in isolated VLAN do 
NOT have reachability to each other. 

BBI*Ping 200.1.1.2 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200.1.1.2, timeout is 2 seconds: 



Success rate is II percent (0/5) 

BBlflPing 200.1.1.3 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1.1.3, timeout is 2 seconds: 



Success rate isO percent (0/5) 

BBIflPing 200. 1.1.4 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1. 1.4, timeout is 2 seconds: 



Success rate is percent (0/5) 

BBlflPing 200.1.1.5 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1.1.5, timeout is 2 seconds: 

Success rate isO percent (0/5) 

BBl*Ping 200.1.1.6 

Type escape sequence to abort. 

Sending 5 r 100-bytc ICMP Echos to 200.1.1.6, timeout is 2 seconds: 



Success rate is percent (0/5) 

BBiaPina 200.1.1.8 
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Type escape sequence to abort. 

Sending?, lQQ-bytc 1CMP Echos to 200.1.1.8, timeout is 2 seconds: 



Success rate is percent (0/5) 

BBIflPing 200. 1.1.9 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1. 1.9, timeout is 2 seconds: 



Success rate isO percent (0/5) 
On BB2 

BB2f*Ping 200.1.1.1 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1.1.1, timeout is 2 seconds: 



Success rate is 100 percent (5/5), round-trip min/avgmax = 1/1/4 ms 

Note BB2 is able to piny Rl which is the port in primary VLAN but it can NOT ping any 
other router, even though R6, BB1 and BB3 are in the same VLAN, but remember that 
the VLAN is defined as an isolated secondary VLAN: the hosts in isolated VLAN do 
NOT have reachability to each other. 

BB2#Ping 200.1.1.2 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1. 1.2, timeout is 2 seconds: 



Success rate isO percent (0/5) 

BB2*Ping 200. 1.1.3 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1.1.3, timeout is 2 seconds: 



Success rate is percent (0/5) 

BB2*Ping 200. 1.1.4 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1. 1.4, timeout is 2 seconds: 
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Success rate is I) percent (0/5) 

BB2*Ping 200. 1.1.5 

Type escape sequence to abort. 

Sending 5. 100-bytc 1CMP Echos to 200. 1. 1.5, timeout is 2 seconds: 



Success rate is percent (0/5) 

BB2*Ping 200. 1.1.6 

Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echos to 200. 1. 1.6, timeout is 2 seconds: 



Success rate is percent (0/5) 

BB2*Ping 200. 1.1.7 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1.1.7, timeout is 2 seconds: 



Success rate is percent (0/5) 

BB2*Ping 200. 1.1.9 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1.1.9, timeout is 2 seconds: 



Success rate is percent (0/5) 
On Bjj3 

BB3*Ping 200.1.1.1 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1.1.1, timeout is 2 seconds: 


Success rate is 100 percent (5'5), round-trip min/avg max = 1/1/4 ms 

Note BB3 is able to piny Rl which is the port in primary VLAN hut it can NOT ping any 
other router, even though R6, BB1 and BB2 are in the same VLAN, hut remember that 
the VLAN is defined as an isolated secondary VLAN: the hosts in isolated VLAN do 
NOT have reachahilitv to each other. 
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BB3^Ping 200.1. 1.2 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200.1. 1.2, timeout is 2 seconds: 

Success rate is percent (0/5) 

BRggPing 200.1.1.3 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1. 1.3, timeout is 2 seconds: 

Success rate is (I percent (0/5) 

BB3*Ping 200. 1.1.4 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1. 1.4, timeout is 2 seconds: 

Success rate is percent (0/5) 

BB3*Ping 200. 1.1.5 

Type escape sequence to abort. 

Sending 5 S 100-bytc ICMP Echos to 200. 1. 1.5, timeout is 2 seconds: 

Success rate is percent (0/5) 
BB3*Ping 200.1. 1.6 



Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1. 1.6, timeout is 2 seconds: 

Success rate is percent (0/5) 

BB3#Pjng 200. 1.1.7 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1.1.7, timeout is 2 seconds: 

Success rate is percent (0/5) 

BB3*Ping 200. 1.1.8 

Type escape sequence to abort. 
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Sending 5, 100-bytc ICMP Echos to 200. 1. 1.8, timeout is 2 seconds: 
Success rate is (I percent (0/5) 



Task 7 

Reconfigure the IP addressing of the hosts that belong to the two community secondary 
VLAXs based on the following chart and provide IntcrVlan muting between them: The 
hosts in the other secondary VLAXs should still be able to reach the host in the primary 
VLAX. You can use static mutes and any IP addressing to accomplish this task. 



Routers 


IP address 


VLAX-1D 


R2 
R3 


202. 1 . 1 .2 .24 

202.1.1.3 '24 


20 
20 


R4 
R5 


203. 1.1.4 .'24 

203.1.1.5 '24 


30 
30 



On R2 








R2(config)#int «D/0 
R2(config-if)#ip add 


r 202.1. 


] 7 ?SS ">^ -■ 


55.0 


R2(config)nip route 


0.0.0.0 0.0.11.0202.1 


.1.1011 


On R3 








R3(config)#intiu71 
R3(config-ii>ip add 


r 202.1. 


1.3 255.255.255.0 


R3(config)#ip route 


0.0.0.0 0.0.0.0 202.1 


.1.100 


On R4 








R4(config)#int ftl.'O 
R4(config-if)#ip addr 203. 1. 


1.4 255255.255.0 


R4(config)nip route 


0.0.0.0 0.0.0.0203.1 


.1.100 


On R5 
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Rj5(ccmfig)#mtfl)/1 

R5(config-ii>ip addr 203. 1. 1.5 255255.255.0 

R5(config)#ip route 0.0.0.0 0.0.0.0 203.1.1.100 

On SWI 

S W 1 (c o nfig)#1 p rou t i ng 

Note two IP addresses are configured under interface VLAN 10, a primary and a 

secondary, the primary IP address is used by VLAN 20 and the secondary is used by 

the hosts in VLAN 30. 

The "Private-vlan mapping" command maps the secondary VLAYs to their layer 3 

VLAN interface, in this case VLAN 10 which is the layer 3 interface of the primary 

VLAN. 

S\Vl(config)#intvlan 10 

SW1 (corffg-ifpip addr 202. 1.1.1 00 255.255.255.0 
SWI (config-if)#ip addr 203. 1.1 .1 00 255.255.255.0 sec 
S W 1 (c o nfig- i f)#p riv a t e- \ I an mapping 20 ,30 

With the "Private-vlan mapping" interface configuration command, secondary 
VLANs can be added or removed using the "Private-vlan mapping add, or Private- 
vlan mapping remove" interface configuration command. After this command is 

entered, you should get the following messages: 

%PV-6-PV_MSG: Created a private vian mapping. Primary 10, Secondary 20 
%PV-6-PV_MSG: Created a private vtan mapping, Primary 10, Secondary 30 

'l'» verify tlu 1 configuration: 

On S\V 1 

SWI #Shmv interlaces private-vlan mapping 
Interlace Secondary VLAN Type 



vlanlO 20 community 

vlanlO 30 community 

To test the configuration: 
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On R2 

R2#Ping 203. 1.1.4 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 203. 1. 1.4, timeout is 2 seconds: 

Mill 

Success rate is 100 percent (5/5), round- trip min'avg'max = 1/2/4 ms 
R2#Ping 203.1.1.5 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 203. 1. 1.5, timeout is 2 seconds: 



Success rate is 100 percent (4/5), round-trip rnin.'avg'max = 1/1/4 ms 
On BB1 

BBIffPing 200. 1.1.1 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1.1.1, timeout is 2 seconds: 

MIM 

Success rate is 100 percent (5/5), round-trip rnin.'avg'max = 1/2/4 ms 



Task8 

Erase the startup conlig and reload the routers before proceeding to the next task. 
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Lab 1 - Hub-n-Spokc using Frame-relay map 

statements 



10.1.1044 .'24 




SD.'Ci 




- 



10.1. 100 J .'24 Sfi/D 




X 



5 Ci'D 



W. 1.1002 .'24 




IP adLirL'ssiim and PLC I information Chart: 



Routers 


I l J address 


Local I) LCI 


Connecting to: 


R l's Frame- relay interface SO.'O 


ID. 1.100. 1 24 


102 
103 

104 


R2 
R3 

R4 


R2*s Frame-relay interface SO/0 


10.1.100.2/24 


201 


Rl 


R3's Frame- relay interface SO/0 


10.1.100.3 24 


301 


Rl 


R4*s Frame-relay interface SO/0 


10. 1.100.4 '24 


401 


Rl 
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Task I 

Configure a frame-relay Hub and spoke using frame- re lay map statements. Use the IP 
addressing in the above chart. 

Disable invcrsc-arp such that the routers do not generate invcrsc-arp request packets, and 
ensure that only the assigned DLCls arc used and mapped, these mappings should be as 
follows: 

> On Rl : 102, 103 and 104 should be mapped to R2, R3 and R4 respectively. 

> On R2. R3 and R4 : DLCls 20 1 , 30 1 and 40 1 should be used on R2, R3 and R4 

respectively ibr their mapping to Rl (The hub). 

In the future Eigrp routing protocol will be running on these routers, ensure that the 
routers can handle the Multicast traffic generated by the Eigrp routing protocol. DC) NOT 
configure any sub -interfaces to accomplish this task. 
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On kl 

Rl(config)#]nt SO/0 

Rl(config-it>lp address 10.1. 100.1 255.255.255.0 

Rl (config-if)# Encapsu lation frame 

Rl(config-if> Frame- re lay map ip 10.1.1 00.2 102 broadcast 

R 1 (c o n fig- if)# Frame- re lay map i p 10.1.100.3 1 3 bro adc ast 

Rl(config-if)#Framc-relay map ip 10.1.100.4 104 broadcast 

Rl(config-if)#NO frame-relay invcrsc-arp 

Rl(config-if)#NO shut 

To verify the configuration: 

On kl 

Rl#Show frame map 

SerialU/0 (up): ip 1(1.1.100.2 dlci 102(0x66,0x1860), static. 

broad east, 

CISCO, status defined, inactive 
Serial!)!) (up): ip 10.1.100.3 dlci 1 03 (0x67,0x1870), Static, 

broadcast, 

CISCO, status defined, inactive 
Serial!) (up): ip 10.1.100.4 dlci 104(0x68,0x1880), static, 

broadcast, 

CISCO, status defined, inactive 

Note you mav see DLCls 105 and 106 mapped to 0.0.0.0 IP address, these dynamic 
mappings may not affect Unicast traffic, but they will definitely affect Multicast 
and/or Broadcast traffic, therefore, they should be removed from the mapping table. 
The "clear frame-relay inarp" command will NOT have any effect on these entries, 
whereas, saving the configuration and then reloading the routers will definitely clear 
the 0.0.0.0 mappings. Another way to clear the "0.0.0.0" mapping is to remove the 
encapsulation and reconfigure the encapsulation back again, but once the 
encapsulation is removed, the frame- re lay maps are also removed, therefore, the 
frame-relay maps must be re-entered. 

On kl 



Rl#Wr 

R I ^Reload 
Rlr*Show frame man 
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SerialOO (up): ip 10.1.100.2 did 102(0x66.0x1860). static, 
broadcast. 
CISCO, status defined, inactive 

SeiialO (up): ip 10.1.100.3 dlci 103(0x67,0x1870), static, 
broadcast, 
CISCO, status defined, inactive 

Serial!) (up): ip 10.1.100.4 dlci 104(0x68.0x1 880). static. 
broadcast. 
CISCO, status defined, inactive 

Note the inactive status means that the problem is on the other side of the VC, in 
this case the other end of these VCs are not configured yet, and once they are 
configured, the status should transition to active state. 

The following explains the output oJ the "Show frame- relay map"" command: 
In this case the first mapping is analyzed: 

SerialO (up): ip 10.1.100.2 dlci 102(0x66,0x1860), static, 
broadcast. 
CISCO, status defined, inactive 

SeriaIO/0 (up): ip 10.1.100.2: 

This is the interface through which IP 10. 1.100.2 is found. 

Did 102* '0x66,0x1 860), static: 

Dlci 102, this is the local DLCI that is mapped to 10.1.100.2. In the parentheses you 

find 2 Hexadecimal values, in this case: 0x66, 0x1860: 

If the Hexadecimal 0x66 is converted to decimal, the result is 102, which is the local 

DLCI number. 

The second Hexadecimal value 0x1860, indicates hon the DLCI is split into two 

sections "ithin the Frame-relay header, remember that the first 6 bits (The most 

significant 6 bits) are in the first byte and the last 4 bits of the DLCI, is found in the 

beginning of the second byte of the Frame-relay frame, as follows: 

Convert 0x1860 to Binary: 



1 


8 


6 





0001 


1 


0110 





Take the most significant 6 bits, in this case: 0001 10 
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Take the most significant 4 bits of the second byte, in this case: Oil 

Note the most significant 6 bits of the first byte and the most significant 4 bits of the 
second byte are concatenated into a 10 bit value, as follows: 

00011001100(1 

If the above binary number is converted to decimal, you should see 102. 

On K2 

R2iconfig)#]nt S0/0 

R2 icon fig- ii>Ip address 10.1.100.2 255255.255.0 
R2(config-if)#Encapsulation frame 

R2(config-if)#Framc-rclay map ip 10. 1.100.1 201 broadcast 
R2 (c o n fig- if)#\"( ) f ra m e-r e I a y i n v erse- a rp 
R2(config-if>NO shut 

To vcritv the confix uration: 

On R2 

R2*Ping 10. 1.100.1 



Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echosto 10.1. 100. 1, timeout is2 seconds: 



Success rate is 100 percent (5/5), round-trip min.'avg'max = 56/56/60 ms 

R2#Show frame map 

ScrialO/0 (up): ip 10.1.100.1 dlci 20 l(0xC 9,0x30 90), stalk, 
broadcast, 
CISCO, status defined, active 

On K3 

R3i;config)#]nt S0/0 

R3(config-if)#Ip address 10.1.100.3 255255.255.0 

R3 (c o n fig- if)rrEncap su latio n frame 

R3(config-if)f#Framc-rclay map ip 10. 1.100.1 301 broadcast 

R3(config-if)#\0 frame-relay inverse-arp 

R3(config-it>N() shut 
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To verify the configuration: 

On jg 

R3#Pbg 10. 1.100.1 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echosto 10.1.100.1, timeout is 2 seconds: 
i mi 

Success rale is 1 (10 percent (5/5), round- trip rnin/avg'max = 56/56/60 ms 

R 3" Show frame map 

ScrialO/0 (up): ip 10.1. 100.1 did 3Ol(Oxl2D,0x48DO), static, 
broadcast, 
CISCO, status defined, active 

On R4 

R4(config)#Int SO/0 

R4(config)#]p address 1.0.1. 100.4 255.255.255.0 

R4 (c o n fig)#E neap su lati o n frame 

R4i;con%)n ! Framc-rclay map ip 10.1.100.1 401 broadcast 
R4(eonfig)#M) frame-relay inverse-arp 

R4(config)#NO shut 

To verify the configuration: 



On K4 

R4nShow frame map 

SerialO'O (up>: ip 10.1.100.1 dlci 401(0x191,0x6410), static, 
broadcast, 
CISCO, status defined, active 

R4*Ping 10. 1.100.1 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echosto 10.1.100.1, timeout is2 seconds: 

(MM 

Success rate is 100 percent (5/5), round-trip min/avg'max = 56 57 60 ms 
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Task 2 

Ensure that every router can ping every IP address connected to the cloud. When 
■configuring this task, ensure that the hub router docs NOT receive redundant routing 
traffic . 



On Kl 

Tu test the existing con figuration: 

RlsPing 10. 1.100. 1 

Type escape sequence to abort. 

Sending 5, 100 -byte 1CMP Echos to 10. 1. 100. 1, timeout is 2 seconds: 

Success rate isO percent (0/5) 

Note in a multipoint frame-relay configuration, two conditions must be met before an 
IP address is reachable: 

A. The destination IP address must be in the routing table with a valid next hop. 

B. There must be a frame-relay mapping for that destination. 

In this case the destination IP address is in the routing table, but the frame-relay 
mapping is missing. Configure the frame-relay mapping as follows: 

On Kl 



R I (c onfig)#l nt crfacc SO'O 
Rli;config-ii>Frame-relay map ip 10.1.100.1 102 

Note there is no need to add the "broadcast'" keyword for this configuration. 
To verify the configuration: 

On Kl 

RlsShow frame map 

Serial!)!) (up): ip 10.1.100.1 dlci 102(0x66,0x1860), static, 
CISCO, status defined, active 
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SeiiaKI (up): ip 10.1.100.2 did 102(0x66.0x1860). static, 
broadcast. 
CISCO, status defined, active 

SerialO (up): ip 10.1.100.3 dlci 103(0x67,0x1870), static, 
broadcast, 
CISCO, status defined, active 

SerialO (up): ip 10.1.100.4 dlci 104(0x68.0x1880). static, 
broadcast, 
CISCO, status defined, active 

Rl*Ping 10.1.100.1 

Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echosto 10.1.1.00.1, timeout is 2 seconds: 



Success rate is 100 percent (5/5), round-trip min.'avg'max = 1 12/115/124 ms 

On R2 

R2(config-if)#] ntcrlacc S0/0 

R2i;config-iO#Frarne-relay map ip 10.1.100.3 201 
R2i;config-it>Frame- relay map ip 10.1.100.4 201 
R2it:onfig-il>Frame-relay map ip 111.1.100.2 201 

To verify the eonl'igumtion: 



On R2 

R2*Ping 10.1.100.2 

Type escape sequence to abort. 

Sending 5 r 100-bytc 1CMP Echos to 10. 1. 100.2, timeout is 2 seconds: 

MMI 

Success rate is 100 percent (5/5), round-trip min.'avg'max = 1 12/114/120 ms 

On R3 

R3<COnfig)#] ntcrlacc SO/0 

R3(config-iiyFrame-relay map ip 10.1.100.2 301 
R3i;config-ii>Frarne-relay map ip 111.1.100.4 301 
R3 (con fig- if)?* Frame- relay map ip 10.1.1003 301 



CHE R&«* by NarMk Kucharians Advanced CCIE R&S Work Book 2.0 Page 284 of 1068 

C2009 NarbikKochariaiu. All rig h Unnerved 



To verify the configuration: 




On 113 




R3*Ping 10.1.100.3 




Type escape sequence to abort. 




Sending 5 r 100-bytc 1CMP Echos to 10. 1. 100.3, timeout is 2 


seconds: 


Mill 




Success rate is 100 percent (5/5), round- trip min/avg'max = 


1 12/114/120 ms 


On R4 




R4i;config)#]ntcdacc SO/0 




R4(config.if>Frame-relay map ip 1(1.1.100.2 4111 




R4iconfig-il>Fi ame-i elay map ip 10.1.1003 401 




R4iconfig-il>#Fi ame-i elay map ip 10.1.100.4 401 




Note when configuring the frame-relay mapping from one spoke to another spoke, the 


'"broadcast" keyword should not he used, if this keyword 


is used, the hub router will 


receive redundant routing traffic. This can he verified by 


running RIPv2 and 


performing a "debug ip rip"" command on the hub router 




To verify the configuration: 




On R4 




R4#P3ng 10.1.100.2 




Type escape sequence to abort. 




Sending 5, 100-bytc [CMP Echos to 10. 1. 100.2, timeout is 2 


seconds: 


(MM 




Success rate is 100 percent (5/5), round-trip min/avg'max = 


112/112/1 16 ms 


R4*Ping 10.1.100.3 




Type escape sequence to abort. 




Sending 5, 100-bytc 1CMP Echos to 10. 1. 100.3, timeout is 2 


seconds: 


MM* 




Success rate is 100 percent (5/5), round-trip min/avg'max = 


1 12/112/116 ms 


R4#Ping 10. 1.100.4 
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Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 10. 1. 100.4, timeout is 2 seconds: 

| MM 

Success rate is 100 percent (5/5), round-trip min/avg'max = 1 12/113/120 ms 

On R3 

R3#Ping 10.1.100.2 

Type escape sequence to abort. 

Sending 5 , 100-bytc ICMP Echos to 10. 1. 100.2, timeout is 2 seconds: 

| M (I 

Success rate is 100 percent (5/5), round-trip min/avg'max = 1 12/112/1 16 ms 






Task 3 

Configure the routers such that the LM1 status inquiries arc sent every 5 seconds and Full 
Status LM1 requests arc sent every 3 cycles instead of 6. 








By default frame-relay routers generate LMI Status inquiries every 10 seconds, and 
a full status inquiry every 6" cycle (Every 60 seconds). The interval for status 
inquiries can be changed using the "Keepa live'' command, whereas, the "Frame- 
relay Imi-n391dte'" command can be used to change the interval for the complete 
status inquiries. 

NOTE the output of the following debug command reveals the status in qui lies and 
full status inquiries: 

On Rl 

R If* Debug frame lmi 

♦Nov 24 19:59:57.407: Scria 10/0 (out): StEnq, myscq 125, jmirsccn 124, DTE up 
♦Nov 24 19:59:57.407: datagramstart = Ox3F401ED4, datagramsizc= 14 
*Nov24 19:59:57.407: FR encap = 0x000 10308 
♦Nov 24 19:59:57.407: 00 75 95 01 01 01 €3 02 7D 7C 

♦Nov 24 19:59:57.41 1: Scria 10/0 (in): Status, myscq 125, pak size 14 

♦Nov 24 19:59:57.41 1: RT IE 1 , length 1 , type'l 

♦Nov 24 19:59:57.41 1: KA IE 3, length 2 r yourscq 125, myscq 125 




cc 
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♦Nov 24 20:00:07.407: 


Scria 10.' (out): StEnq, myscq 126. yoursccn 125, DTE up 








♦Nov 24 20:00:07.407: 


datagramstart = 0x3F6B0294, datagramsizc = 14 








♦Nov 24 20:00:07.407: 


F Ren cap =0x00010308 








♦Nov 24 20:00:07.407: 


00759501 01 01 03027E7D 








♦Nov 24 20:00:07.411: 


ScrialO.'O(in): Status, myscq 126, pak size 14 








♦Nov 24 20:00:07.411: 


RT1E 1, length 1, type 1 








♦Nov 24 20:00:07.411: 


KA IE 3, length 2, yourscq 126, myscq 126 








♦Nov 24 20:00: 17.407: 


ScrialO.'O(out): StEnq, myscq 127, yoursccn 126, DTE up 








♦Nov 24 20:00:17.407: 


datagramstart = 0x3F400C 14, datagramsizc= 14 








♦Nov 24 20:00: 17.407: 


FR encap = 0x000 10308 








♦Nov 24 20:00:17.407: 


00759501 01 01 03027F7E 








♦Nov 24 20:00:17.407: 










♦Nov 24 20:00: 17.411: 


Scria 10/0 (in): Status, myscq 127, pak size 14 








♦Nov 24 20:00:17.411: 


RT IE 1, length 1, type 1 








♦Nov 24 20:00:17.411: 


KA IE 3, length 2, yourscq 127, myscq 127 








♦Nov 24 20:00:27.407: 


ScriaK)'O(out): StEnq, myscq 128, yoursccn 127, DTE up 








♦Nov 24 20:00:27.407: 


datagramstart = 0x3F6AF394, datagramsizc = 14 








♦Nov 24 20:00:27.407: 


FRcncap =0x000 10308 








♦Nov 24 20:00:27.407: 


00 75 95 01 01 01 03 02 80 7F 








♦Nov 24 20:00:27.407: 










♦Nov 24 20:00:27.411: 


ScrialO.'O(in): Status, myscq 128, pak size 14 








♦Nov 24 20:00:27.411: 


RT IE 1, length 1. type 1 








♦Nov 24 20:00:27.411: 


KA IE 3 S length 2, yourscq 128, myscq 128 








♦Nov 24 20:00:37.407: 


ScrialO.'O(out): StEnq, myscq 129, yoursccn 128, DTE up 








♦Nov 24 20:00:37.407: 


datagramstart = 0x3F644ED4, datagramsizc = 14 








♦Nov 24 20:00:37.407: 


FRcncap =0x000 10308 








♦Nov 24 20:00:37.407: 


00 75 95 01010103 02 81 80 








♦Nov 24 20:00:37.407: 










♦Nov 24 20:00:37.411: 


Scria 10/0 (in): Status, myscq 129, pak size 14 








♦Nov 24 20:00:37.411: 


RT IE 1, length 1, type 1 








♦Nov 24 20:00:37.411: 


KA IE 3, length 2, yourscq 129, myscq 129 








♦Nov 24 20:00:47.407: 


Scria 10/0 (out): StEnq, myscq 130, yoursccn 129, DTE up 








♦Nov 24 20:00:47.407: 


datagramstart = 0x3F6B03D4, datagramsizc = 14 








♦Nov 24 20:00:47.407: 


FRcncap =0x11)010308 








♦Nov 24 20:00:47.407: 


00 75 95 010100 03 02 82 81 








♦Nov 24 20:00:47.419: 


Scria IO/0( in): Status, myscq 130, pak size 59 








♦Nov 24 20:00:47.419: 


RT1E 1, length 1, type 








♦Nov 24 20:00:47.419: 


KA IE 3, length 2, vourscq 130, mvscq 130 
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♦Nov 24 20:00:47.419: PVC IE 0x7 , length 0x3 , dlci 102, status 0x2 
♦Nov 24 20:00:47.419: PVC IE 0x7 , length 0x3 , dlci 103, status 0x2 
♦Nov 24 20:00:47.419: PVC IE 0x7 , length 0x3 , dlci 104, status 0x2 
*Nov 24 20:00:47.419: PVC IE 0x7 , length 0x3 , dlci 105, status 0x0 
♦Nov 24 20:00:47.419: PVC IE 0x7 , length 0x3 , dlci 106, status 0x0 

Note the status inquiries are sent every 10 seconds, these messages are "type Is", 
whereas, the complete status inquiries are generated by the local router every 6 ' 
cycle, these message are "type ()'" messages, and when the frame-relay switch 
receives these messages it responds with all the DLCIs that are configured for that 
given router. 

To i'han»i' thi'si' timers: 



On all roiiti'rs 

(config)#]nteriacc S0/0 
j config-iOr'Keepalive 5 
(conlig-it^Fra me- relay Imi-n391dte3 

To test the i-ontljjuration: 

RxfrDcbug frame LM1 

♦Nov 24 20: 13:52.4 1 1 : ScrialO/Ofout): StEnq, myscq 22 1 , youreccn 220, DTE up 
♦Nov 24 20:13:52.41 I : datagramstart = 0x3F6AEFD4, datagramsizc = 14 
♦Nov 24 20: 1 3:52.4 1 1 : FR encap = 0x000 1 0308 
♦Nov 24 20:13:52.41 1:00 75 95 01 01 (II 03 02 DD DC 

♦Nov 24 20:13:52.415: ScrialO/0(in): Status, myscq 221, pak size 14 

♦Nov 24 20:13:52.415: RT IE 1, length 1, type 1 

♦Nov 24 20: 1 3:52.4 1 5: K.A IE 3, length 2, yourscq 22 1 , myscq 22 1 

♦Nov 24 20:13:57.41 1: Scria 10/0 (out): StEnq, myscq 222, youreccn 22 1, DTE up 
♦Nov 24 20:13:57.41 1: datagramstart = Ox3F400D54, datagramsizc = 14 
♦Nov 24 20: 1 3:57.4 1 I : FR encap = 0x000 1 0308 
♦Nov 24 20:13:57.41 1: 00 75 95 01 01 (II 03 02 DE DD 

♦Nov 24 20:13:57.415: Scria 10/0 (in): Status, myscq 222, pak size 14 

♦Nov 24 20:13:57.415: RT IE 1, length L type'l 

♦Nov 24 20: 1 3:57.4 1 5: KA IE 3 4 length 2, yourscq 222, myscq 222 

♦Nov 24 20:14:02.41 1: ScrialO/0(out): StEnq, myscq 223, youreccn 222, DTE up 
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♦Nov 24 20:14:02.41 1: datagramstart = 0x3F6AF394, datagramsizc = 14 
*Nov 24 20: 1 4:02.4 1 I : FR cncap = 0x000 1 0308 

♦Nov 24 20:14:0241 1: 00 75 95 01 01 00 03 02 DF DE 

*N"ov24 20:14:02.423: ScrialO.'O(in): Status, myscq 223, pak size 59 
*Nov 24 20:14:02.423: RT IE 1, length I, typed 
♦Nov 24 20:14:02.423: KA IE 3, length 2, yourscq 223, myscq 223 
♦Nov 24 20:14:02.423: PVC IE 0x7 , length 0x3 , dlci 102" status 0x2 

♦Nov 24 20:14:02.423: PVC IE 0x7 , length 0x3 , dki 103, status 0x2 
♦Nov 24 20:14:02.423: PVC IE 0x7 , length 0x3 , dlci 104, status 0x2 
♦Nov 24 20:14:02.423: PVC IE 0x7 , length 0x3 , dlci 105, status 0x0 
♦Nov 24 20:14:02.423: PVC IE 0x7 , length 0x3 , dki 106, status 0x0 

Note initially the router and the frame-relay switch exchange two "type 1" inquiries, 
and the third message that the local muter generates is a "type ()'" messages which 
tells the switch to respond with all the DLCls. 



Task 4 

Erase the startup configuration and reload the routers before proceeding to the next lab. 
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Lab 2 - Hub-n-Spokc using Frame-relay Point- 



to -Point configuration 




SQ/0.12 10.1.12.1/24 
i S0/Q.13 10.1.13.1/24 
^9Q«X14 10.1,14.1/24 



10.1.144/24 




styo.41 




IP mi circs sin" and PLC I information Chart: 



Routers 


I l J address 


Local DLCl 


Connecting to: 


RTs Frame- relay interface 


lO.l.lli (24 

I0.U3.1 24 
I0.1.14.1 24 


102 

103 
104 


R2 
R3 
R4 


R2*s Frame- relay interface 


10.1.12.2/24 


201 


Ri 


R3's Frame- relay interface 


10. 1.13.3 24 


301 


RI 


R4*s Frame- relay interface 


10.1.14.4/24 


401 


RI 
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Task 1 

Configure the routers in a hub and spoke manner using the IP addressing in the above 
chart. 

These routers should be configured with Point-to-point sub- interface's, and ensure that 
only the assigned DLCls arc used, these DLCls should be as follows: 

> On Rl: 102, 103 and 104 should be used tor connections to R2, R3 and R4 
respectively. 

> On R2, R3 and R4: DLCls 20 1 , 30 1 and 40 1 should be used on R2 r R3 and R4 
respectively for their connection to Rl (The hub). 

These routers should be able to ping every IP address within their IP address space. 



On \U 

Rl(eonfig)#Intcrfaec SO/0 
Rl(config-if)# Encap frame 
R! fconfig-itVNo shut 
Rli;config-ii>Exit 

Rlfconfig ^Interface SOU 12 point-to-point 
RKconfig-subii^Ip address 10.1.12.1 255.255.255.0 
R 1 iconfig-subif)#Framc-rclay intcrfacc-dlci 102 
Rli;config-subif)#Exit 

Rl i;config-subif)#lnterfacc SO 0.1 3 point-to-point 
Rl(config-subif)#Ip address 10.1.13.1 255.255.255.0 
R I iconfig-subif!i#Framc-rclay intcrfacc-dlci 103 
Rl(config-subif)#Exit 

R 1 (c o n fig-s ub if)#l ntcrfacc SO.'0 . 1 4 po i nt - to - p o in t 
RKconfig-subiiVlp address 10.1.14.1 255.255.255.0 
Rl (config-subif)T* Frame-relay intcrfacc-dlci 104 
R 1 iconfig-subif)#Exit 



To verify the configuration: 



On Rl 



Rl^Show frame map 
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ScrialO. 0.12 (up): point-to-point dlci, dlci 102(0x66,0x1860), broadcast 

status defined, active 
ScrialO/0.14 (up): point-to-point die i, dlci 104(0x68,0x1880), broadcast 

status defined, active 
ScrialO/0.13 (up): point-to-point dlci, dlci 103(0x67,0x1870), broadcast 

status defined, active 

Note %v3i u:i frame-relay is configured in a point-to-point manner it's important to 

understand the follow ing two behaviors: 

A. There is no need to disable sending inverse-arp packets, because inverse-arp 
is disabled when frame-relay is configured in a point-to-point manner. 

B. No need for frame-relay mapping's, because there can only be another routei 
on the other end of the PVC, therefore, all IP addresses (This includes the 
local router's IP address) are reachable as long as the destination IP address 
is in the muting table with a valid next hop IP address. 

On R2 

RZiconfig^Int SO/0 
R2(config-if)#Encap frame 
R2(config-if>No shut 
R2iconfig-ifVExit 

R2(config)#]nt SO/0.21 point-to-point 
R2i;config.subif')#Ip address 10.1.122 255.255.255.0 
R2fconfig-subif)#Framc-rclay interface-die i 20 1 
R2(config-subif)#Exit 

10 verity and ti'.st the eontl miration: 

On R2 

R2"Show frame map 

ScrialO/0.21 (up): point-to-point dlci, dlci 201 (OxC 9,0x3090), broadcast 
status defined, active 

R2*Ping 10.1.12.1 

Type escape sequence to abort. 

Sending 5. 100-bytc fCMP Echosto 10. 1. 12.1 , timeout is 2 seconds: 
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Success rate is 100 percent (5:5), round-trip min/avg'max = 56/56/60 ms 

R2#Ping 10. 1.1 2.2 

Type escape sequence to abort. 

Sending 5, 100-bytc 1 CMP Echosto 10.1.12.2, timeout is2 seconds: 



Success rate is 100 percent (5/5), round-trip rnin/avg'max = 1 12/114/120 ms 

On K3 

R3(config)#]nt SO/0 
R3(config-if)# Encap frame 
R3(config-if)# No shut 
R3(config-ii> Exit 

R3(config')#Int SO/0.31 point-to-point 
R3(config-subif)#lp address 10.1.13.3 255.255.255.0 
R3(config-SLibii)#Framc-rclay intcrfacc-dlci 301 

To verify and test the configuration: 



On K3 

R3^Sho\v frame map 

ScrialO/0.31 (up): point-to-point dlci, did 301(0xl2D,0x48D0), broadcast 
status defined, active 

R3*Ping 10. 1.1 3.1 

Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echos to 10. 1. 13. 1 „ timeout is 2 seconds: 

(MM 

Success rate is 1 HO percent (5/5 ), round-trip min/avg'max = 56/56/60 ms 
R3#Phg 10.1.13.3 



Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echosto 10.1.13.3, timeout is 2 seconds: 



Success rale is 100 percent (5/5), round-trip min/avg'max = 1 12/114/120 ms 
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On R4 

R4(config)#]nt SO/0 

R4 (con fig- if)#E neap frame 

R4(config-ii>*Xo shut 

R4(config-if)#Exit 

R4(config)#Int SO. 0.41 point-to-point 
R4(config-subif)#lp address 10.1.14.4 255255.255.0 
R4(config-subii)#Framc-relay intcrlacc-dki 40 1 

To verify and test the configuration: 

On K4 

R4#Sho\v frame map 

ScrialO/0.4 1 (up): point-to-point dki, dlci 40 1 (0x1 9 1 ,0x64 1 0), broadcast 
status defined, active 

R4*Ping 10.1.14.1 

Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echos to 10. 1. 14. 1, timeout is 2 seconds: 



Success rate is 100 percent (5/5), round-trip min/avgmax = 56/56/60 ms 

R4*Ping 10. 1.14.4 

Type escape sequence to abort. 

Sending 5, 100-bytc 1 CMP Echos to 10.1.14.4, timeout is 2 seconds: 



Success rate is 100 percent (5/5), round-trip min/avg'max = 1 12/114/120 ms 



Task 2 

Erase the startup configuration and reload the routers before proceeding to the next lab. 
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Lab 3 - Mixture of Point-to-point and 
M ultip oin t lira mc-rcl a y 




SO/0. 14 S0.-0.123 
10.1.14.1 HA ,10.1.123.1 I2A 




W addressing and L.U.CI information Chart: 



RoUtei'S 


I V address 


Local DLCI 


Connecting to: 


Rl ^s Frame-relay interface 


10 A, 123 J 24 

10.1.123.1,24 
10.1.14.1 24 


102 
103 

104 


R2 

R4 


R2*s Frame- relay interface 


10.1.123.2/24 


201 


Ri 


R3 : s Frdmc- relay interface 


10.1.123.3 24 


301 


Rl 


R4'$ Frame- relay interface 


10.1.14.4 '24 


401 


Ri 
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Task 1 

Configure frame-relay on the routers as follows: 

Rl: This router should be configured in a point-to-point manner for it's 

connection to R4 and in a Multipoint manner for its connection to R2 and R3. 
Use the IP addressing and DLCI information in the above chart. 

R2i This router should be configured in a point-to-point manner for its connection to 
Rl. Use the IP addressing and DLCI information in the above chart. 

R3: This router should be configured using its main interface for its connection 
to Rl. Use the IP addressing and DLCI information in the above chart. 

R4: This router must be configured in a point-to-point manner for its connection 
to Rl. Use the IP addressing and DLCI information in the above chart. 

Disable inverse- arp where appropriate. These routers should be able to ping even,' IP 
address within their IP address space. 



On Rl 






Rl(config)*IntSO/0 

R 1 (config-if)# Eneap frame 

Rlfconfig-itVN'o shut 

Rli;config-it>Exit 






R 1 (c o n fig-s ub if)#l nt SO/0 .123 mu It ipo i nt 
Rl(config-subif)#Ip address 10. 1.P3.1 251 
Rl ( c o n fig-s ubif)# Frame- relay map ip 10.1 
Rl (config-subif)#Frame-relay map ip 10.1 


123.2 102 

123.3 103 


Rlfconfig^lnt SO 0.14 point-to 
Rl ( con fig-sub if)?* Ip address 10. 
R 1 (c o n fig-s ub if )?? F ra me- r el ay 


-point 

1.14.1 255.255.255.0 

interface-dlci 104 


On R2 






R2(config)??]nt SO/0 
R2(config-if)# Eneap frame 
R2(config-if)#N'o shut 
R2(config-if)#Exit 






R2i;config)#]nt SO. 0.21 point-to 


■point 
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R2(config-subif)# Ip address 10.1.123.2 255.255255.0 
R2(config-subif)# Frame- relay interface- dlci 201 

Note there is no need to disable sending in verse- a ip, because it's disabled when a 
sub- interlace is configured. 

To test and verify the configuration: 

On R2 

R2f*Shcnv frame- relay map 

ScrialO/0.2 1 (up): point-to-point dlci, dlci 20 1 (OxC 9 ,0x3090), broadcast 
st at li s defin cd , ac t ivc 

R2*Ping 10. 1 .123.1 

Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echosto 10.1.123.1, timeout is2 seconds: 



Success rate is 100 percent (5<5)> round-trip min/avg'max = 56/57/60 nis 

On \Q 

R3(config)#]nt SO/0 
R^fconfig-if^Encap frame 

R3(config-ilVlp address 10.1.123.3 255.255.255 J) 
R3(config-if)#Frame-relay map ip 10.1.123.1 301 
R3iconfig-il>Frame-relay map ip 10.1.123.2 301 
R3(config-if>Frame-relay map ip 10.1.1 23 J 301 
R3(config-if)f#No frame-relay inverse-arp 
R3(config-if)#No shut 

To verify and test the configuration: 



Note inverse-arp should be 
Disabled because the configuration 

On R3 is done directly under the main 

interface 

R3#Shojw frame map 

ScrialO/0 (up): ip 10.1.123.1 dlci 30 1(0x1 2D, 0x4 8 DO), static, 
CISCO, status defined, active 
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ScrialO/0 (up): ip 1 0.1. 123.2 die i 30 1(0x1 .2D, 0x4 8 DO), static, 
CISCO, status defined, active 

ScrialO/0 (up): ip U). 1.123.3 dlci 30 1(0x1 2D, 0x4 8 DO), static, 
CISCO, status defined, active 

R3*Ping 10. 1. 123.2 

Typ* escape sequence to abort. 

Sending 5, 100-bytc ICMP Echosto 10.1.123.2, timeout is2 seconds: 

(MM 

Success rate is 1(H) percent (5/5), round-trip min/avg'max = 1 12/113/1 16 ms 

R3#Pigg 10. 1.123.3 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echosto 10.1.123.3, timeout is 2 seconds: 

I M M 

Success rate is KKI percent (5/5), round-trip min/avgmax = 1 12/114/120 ms 
R3*Ping 10.1.123.1 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echosto 10.1.1.23.1, timeout is 2 seconds: 


Success rate is 100 percent (5/5), round-trip min/avgmax = 56/56/60 ms 
On K4 

R4(config)#Jnt S0/O 
R4(config-if)f#Encap frame 
R4(config-if)f#No shut 
R4(config-if)#Exit 

R4(config)#Int SO/0.41 point-to-point 
R4(config-subif)#]p address 10.1.14.4 255.255.255.0 
R4(config-subif)#Framc-rclay intcrfaec-dki 40 1 

To verify and test the configuration: 



On R4 



R4"Sho\v frame map 
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ScrialO/0.4 1 (up): point-to-point dfci, dlci 40 1 (0x1 9 1 ,0x64 1 0), broadcast 
status defined, active 

R4*Ping 10.1.14.1 

Type escape sequence to abort. 

Sending 5. 100-bytc 1CMP Echos to 10. 1. 14. 1, timeout is 2 seconds: 

MM* 

Success rate is 100 percent (5/5), round-trip min/avg max = 56/56/60 ms 

R4#Pjag 10.1.14.4 

Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echos to 10.1.14.4, timeout is 2 seconds: 

(MM 

Success rate is 100 percent (5/5), round-trip min/avg'max= 1 12/114/120 ms 



Task! 
Erase the startup configuration and reload the routers before proceeding to the next lab. 
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Lab 4 - Multipoint Frame-relay With Out 
Frame-relay mapping 



10.1.1004/24 




SO/0 




10.1100.1 Hi so/0 



- 




10,1.1 003/24 SO/0 




> 



10.1100.2/24 



SGJO 




IP addressing and PLC I infot mation Chart: 



Routers 


I l J address 


Local DLCI 


Connecting to: 


RTs Frame- relay interface 


10.1.100.1 24 


102 
103 

104 


R2 
R3 

R4 


R2*s Frame- relay interface 


10.1.100.2 '24 


201 


Rl 


R3 ! s Frame- relay interface 


10.1.100.3/24 


301 


Rl 


R4'S Frame- relay interface 


10.1.100.4/24 


401 


Rl 
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Task 1 

Configure the routers in a hub and spoke manner, with Rl as the hub and R2. R3 and R4 

as the spokes. 

Ensure that these routers have full reachability to each other with out using the "iramc- 

rclay map" command. 

Do not use PBR to accomplish this task. 



In the following solution PPPis configured on the DLCIs, when PPP is configured a 
host route is injected into the muting table, this host mute provides NLRI to the 
next hop IP address. 

On Rl 



R! feonfig^lntcrfacc SO'O 

R 1 (c o n fig- if)#Encap fra me- relay 

R! (config-if)#Frame-relay interface-dlci 102 ppp \ irtual-Templatel 

R I ic o n fig- if)#Fra me- relay interface-dlci 103 ppp Virtual- Template! 

Rl icon fig- if)r#Fra me- relay interface-dlci 104 ppp Virtual- Template! 

Rl(config)#]ntcrfacc Virtual- temp late 1 
RKconfig-ifVlp address 10.1.100.1 255.255.255.0 

On R2 

R2(config)#]nterfacc SO 

R2 fc o n fig- if)#E neap fra me- relay 

R2 (con fig- if)rrFranie- relay interface-dlci 201 ppp Virtual- tern plate 2 

R2 icon fig ^Interface Virtual- temp late 2 
R2iconfig-if>]p address 10.1.100.2 255.255.255.0 

On R3 

R3fconfig)#]ntcrfacc SO/0 

R 3 ( co n fig- if)#Encap fra me- relay 

R3(config-if)f#Frame-relay interface-dlci 301 ppp Virtual-template 3 

R3(config)#]ntcrfacc Virtual- temp late 3 
R3i;config-it>Ip address 10.1.100.3 255.255.255.0 

On R4 

R4 fc o n fig )* 1 nt crlkcc SO/ 
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R4(config-if)# Encap frame-relay 

R4 (c o n fig- if)#Fra me- relay interlace-dlei 401 ppp \ irtual-template 4 

R4(config)#]ntcrtacc Virtual- temp late 4 
R4(config-if)#Ip address 10.1.100.4 255255.255.0 

To verify and test the configuration: 

On Rl 

The injected host routes 

RlsShow ip route i Inc .'32 




C 10.1 .1 00.4/32 j^tr^y-mptTcctcd, Virtual-Acccss4 

C 10. 1.10 0. 3/32 WtfvvptXfca n nee ted , Vi rtual -Access 3 

1 0. 1.10 0. 2'3 2 urtTircc t ly co n n cc ted , Vi rtual -Ace ess 2 

ftlfPilg 10. 1. 100.2 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 10. 1. 100.2, timeout is 2 seconds: 

Success rate is 100 percent (5/5), round-trip min.'avg'max = 56/58/60 ms 

Rigging 10. 1.100.3 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echosto 10.1.100.3, timeout is 2 seconds: 

( (I M 

Success rate is 100 percent (5/5), round-trip min.'avg'max = 56/57/60 ms 

ftlfPjng 10. 1. 100.4 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echosto 10.1.100.4, timeout is2 seconds: 

I M M 

Success rate is 100 percent (5/5), round- trip min.'avg max = 56/57/60 ms 

On K2 

R2f*Show ip route 1 Inc .'32 

C 10. 1.100. 1/32 is directly connected, Virtual -Ace ess 2 

R2*Piny 10.1.100.1 
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Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echosto 10.1.100.1, timeout is 2 seconds: 



Success rate is 100 percent (5/5), round-trip min/avg'max = 56/57/60 ms 

R2*Ping 10.1.100.3 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echosto 10.1.100.3, timeout is2 seconds: 



Success rate is 100 percent (5/5), round-trip min/avg'max = 1 12/115/1 16 ms 

R2#Ping 10.1.100.4 

Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echosto 10.1.100.4, timeout is2 seconds: 



Success rate is 100 percent (5/5), round-trip min/avg'max = 1 12/113/1 16 ms 
On K3 

R3*Shov,v ip route Inc. 32 

C 10. 1.100. 1/32 is directly connected, Virtual -Ace ess 2 

R3*Ping 10. 1.100.1 

Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echos to 10. 1. 100. 1, timeout is 2 seconds: 



Success rate is 100 percent (5/5), round-trip min/avg'max = 56/57/60 ms 

R3*P]ng 10. 1.100.2 

Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echosto 10.1.100.2, timeout is2 seconds: 

Mill 

Success rate is 100 percent (5/5), round-trip min/avg'max = 1 12/115/1 16 ms 

R3*Ping 10.1.100.4 

Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echosto 10.1.100.4, timeout is 2 seconds: 



CeiE R&«* by Nartiik Kucharians Advanced CCIE R&S Work Book 2.0 Page 303 of 1068 

C2009 Narbik Kucha riaiu. All rij|hU rcirrvwl 



Success rate is 100 percent (5/5), round-trip min/avg'max = 1 12/115/1 16 ms 

On K4 

R4f*Show ip route 

C 1 0. 1 .1 00. 1/32 is directly connected, Virtual -Access 2 

R4*Ping 10.1.100.1 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echosto 10.1. 100. K timeout is 2 seconds: 

| MM 

Success rate is 100 percent (5/5), round-trip min/avg'max = 56/57/60 rns 
R4*Ping 10. 1.100.2 



Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 10. 1. 100.2, timeout is 2 seconds: 

(MM 

Success rate is 100 percent (5/5), round-trip min/avg'max = 1 12/114/1 16 ms 
R4*Ping 10.1.100.3 



Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 10. 1. 100. 3, timeout is 2 seconds: 

I M M 

Success rate is 100 percent (5/5), round-trip min/avg'max = 1 12/1 14/1 16 ms 



Task 2 

Erase the startup configuration and reload the routers before proceeding to the next lab. 
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Lab 5 - Frame-relay and Authentication 



10.1.144/24 




SG0.41 




SO/0.12 10,1.12.1/24 

i S0/Q.13 10.1.13.1/24 

^80/0.14 10.1.14.1/24 




X 



1M.1Z2 24 



50jU21 



1M.1 3.3/24 SO/031 





ll* addressing and DLCl information Chart: 



Routers 


I l J address 


Loeal DLCl 


Connecting to: 


RTs Frame- relay interface 


lO.l.lll 24 
10. 1. Ill 24 
10. 1.14. 1 24 


102 
103 

104 


R2 
R3 
R4 


R2*s Frame- relay interface 


10. 1.1 2.2 .'24 


201 


Rl 


R3 ! s Frame-relay interface 


10.1.13.3 24 


30! 


Rl 


R4*s Frame- relay interface 


10.1.14.4 '24 


401 


R] 
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Task I 

Configure the routers in a hub and spoke manner using the IP addressing in the above 
chart. 

These routers should be configured in a Point -to -Point manner as follows: 

r On Rl : DLCIs 1 02, 103 and 1 04 should be used for it's connection to R2, R3 and 
R4 respectively. 

> On R2, R3 and R4: DLCIs 20 1 , 30 1 and 40 1 should be used on R2, R3 and R4 

respectively for their point-to-point frame-relay connection to Rl iThc hub). 



On kl 

Rl(eonfig)#Jntcrfaec SO 
Rl(config-if)r#Encap frame 
Rlfconfig-if^Noshut 

R 1 fconfig)#] nt crfacc SOO. 1 2 poi nt-to -point 
Rli;config-subif)#lp address 10.1.12.1 255.255.255.0 
Rl (config-subif)#Framc-relay interface-die i 102 
Rl(config-subif)#Exit 

Rl(config)#]ntcriacc SO 0.13 point-to-point 
Rl(config.subif)# lp address 1 0.1 . 13. 1 255.255.255.0 
RI(config-subif)#Framc-rclay intcrfaec-dlci 103 

Rl(config)#]ntcriacc SO0. 14 point-to-point 
Rl(config-subif)#]p address 10.1.14.1 255.255.255.0 
Rl (config-s Lib if)#Framc- relay intcrfaec-dki 104 



'I'o verify the configuration: 



On Rl 



R I "Show frame map 

ScriaHl/0.12 (up): point-to-point dtei, did 102(0x66,0x1860), broadcast 

status defined, active 
SerialO/0.13 (up): point-to-point dlci, did 103(0x67,0x1870), broadcast 

status defined, active 
ScrialO/0.14 (up): point-to-point dlci, did 104(0x68,0x1880), broadcast 

status defined, active 
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On R2 

R2(config)#]nt SO/0 
R2(config-if)#Encap frame 
R2(config-if)£Na shut 

R2(config)#lnt SO/0.21 point-to-point 
R2(config-subif)#lp address 10.1.122 255255.255.0 
R2(config-subif)#Framc-rclay interfacc-dlci 20 1 

10 verify and test the configuration: 
On R2 

R2f*Show frame map 

ScrialO/0.21 (up): point-to-point dlci, dlci 201 (OxC 9,0x3090), broadcast 
status defined, active 

R2*Ping 10.1.12.1 

Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echos to 10. 1. 12. 1, timeout is 2 seconds: 

(MM 

Success rate is 100 percent (5/5), round-trip min/avg max = 56/56/60 ms 

On K3 

R3(config)#]nt SO/0 

R 3 (c o n fig- if)f#Enc ap fra me 

R3(config-ii)# No shut 

R3(coniig)#Int SO/0.31 point-to-point 
R3i;con%-subif»#]p address 10.1.13.3 255.255.255.0 
R3(config-subif)#Framc-relay interfacc-dlci 301 

To verify and test the configuration: 

On R3 

R3#Show frame map 

ScrialO'0/0.31 (up): point-to-point dlci, dlci 301(0xl2D,0x48D0), broadcast 
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status defined, active 

BJgPjmg 10.1.13.1 

Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echos to 10. 1. 13 I. timeout is 2 seconds: 

MM* 

Success rate is 100 percent (5/5), round-trip min/avg'max = 56/56/60 ms 

On R4 

R4(config)#]nt SO/0 
R4(config-if)#Encap frame 
R4(config-il)#Xo shut 

R4(config)#]nt SO.0.41 point-to-point 
R4(coni.g-subif)#lp address 10.1.14.4 255.255.255.0 
R4ic cm fig-s Lib if!i#Framc- relay intcrfacc-dlci 40 1 

'i'o verify and test the configuration: 

On K4 

R4r*Sho\v frame map 

ScrialO/0/0.4 1 (up): point-to-pint did, dki 40 1 (Ox 1 9 1 ,0x64 1 0), broadcast 
st at u s d cfin cd . ac the 

R4#Ping 10.1.14.1 

Type escape sequence to abort. 

Sending 5 S 100-bytc ICMP Echos to 10. 1. 14. 1, timeout is 2 seconds: 
< h n 

Success rate is 100 percent (5/5), round-trip min/avg'max = 56/56/60 ms 



Task 2 

Configure authentication on the routers as follows: 

A. For Rl and R2*s connection: 

R I should send a challenge when it is called by R2. 
R2 should NOT authentic ate when it is called. 
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The password for this authentication should be "ei sco 1 2*'. 

This authentication should be successful even if the host name of the router 

is changed. 

B. For Rl and R3*s connection: 

Rl should NOT authentic ate when it is called. 

R3 should use PAP authentication when it is called hy Rl. 

The password for this authentication should be "ei set) 13". 

The host name of the router should be used for this authentication. 

C. [-"or R 1 mid R4*s coiuiL'ction: 

R 1 should send a challenge when it is called by R4. 

R4 should use PAP authentication when it's called by Rl . 

The password for CHAP authentication should bc^eisco". whereas, the 

password for PAP should be set to "ciscoPAP" and the hostname should be 

configured to be "Rl-PAF*. 



For Rl and R2*s connection: 



On Rl 



Rli'config^L'scrnamc R2 password eiscol2 

Rlfconfig^lnt SO/0.12 

RI(config-if)f# No IP addr 

R!(config-if)#Frame-reIay interface-dlei 1(12 ppp virtual-template 12 

Rl(con%>#]ntS0.0. 13 

Rlfconfig-subif^No IP address 

Rl(config-subif)#Franie-relay interface-dlei 103 ppp \ iiln nt-tuinplitte 13 

Rl(config)#lntS0/0.!4 

Rl(config-subifi#No IP address 

Rl(config-subif!i#Frame-relay interface-dlei 104 ppp \ ii In LtL- tempi ate 14 

Rl (config)#]nt Virtual-Temp late 12 
Rlfconfig-ityip address 10.1.12.1 255.255255.0 
RI(config-if)frppp authentication chap callin 
Rl (config-if)#ppp chap hostname Rl 

On R2 

R2(config)#Uscrnamc Rl password ciseoll 
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R2(config)*]nt SO/0.2! 

R2(oonfig-subif)#Na IP addr 

R2(config-subif)#Frame-relay interlace-dlci 2(11 ppp virtu a I- tempi ate 21 

R2(eonfig)#Int Virtual-Temp latc2 1 
R2(config-ii>Ip address 10.1.12.2 255.255255.0 
R2(config-if)r*ppp ehap hostname R2 

To test and verily the configuration : 

On R2 

R2f* Debug ppp authentication 

R2(config)#lnt SO/0 
R2(config-il>Shut 
R2iconfig-if>*No shut 

R2iconl1g-ift*do Ping 1 0. 1. 1 2. 1 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 10. 1. 12. 1. timeout is 2 seconds: 

♦Nov 25 23:20:57.783: %LlNK-34JPDOWN: Interlace Virtual- Acccss2, changed state to up 

*Nov25 23:20:59.639: Vi2 CHAP: I CHALLENGE id 17 len 23 from "RI" 
♦Nov 25 23:20:59.639: Vi2 CHAP: Using hostname from interlace CHAP 
♦Nov 25 23:20:59.643: Vi2 CHAP: Using password from AAA 
*Nov25 23:20:59.643: Vi2 CHAP: () RESPONSE id 17 len 23 from '"R2" 
♦Nov 25 23:20:59.659: Vi2 CHAP: I SUCCESS id 17 len 4. 

*Nov 25 23:21:00.659: %LINEPROTO-5-UPDO\VN: Line protocol on Interface Virtual- 

Access?, changed state to up.. 

Success rate is 20 percent (1/5), round-trip min/avg/max = 60/60/60 ms 

The output of the above debug command shows the "Challenge'" packet coming 
Inbound, "Response'" packet going Outbound, and the "Success" coming Inbound. 

For Kl and K3\ connection: 
On RI 



R I (config)#] nt Virtual- Temp late 1 3 
Rlfconfig-iiVlp address It). 1. 13. 1 255. 255.255.0 
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R I iconfig-if)f#ppp pap sent-username Rl password ciscc>13 

On K3 

RSfconfig'^Uscrnamc Rl password cis-eu 13 

R3(config')#lnt SO 0.3! 

R3(config-subif)#No IP address 

R3(config-subif)#Fraine-relay interf'ace-dlci 301 ppp virtual-template 31 

R3(config')#Int Virtual-Temp latc3 1 
R3(config-if)#]p address 10.1. 13.3 255.255.255.0 
R3(config-if)#ppp authentication pap callin 

To test and verify the configuration: 

On R3 

R3# Debug ppp authentication 

R3i;config)#]nt SO 
R3(config-ii>Shut 
R3(config-ii>*No shut 

RS.config-ifltfDo Ping 1 0. 1. 1 3.1 

♦Nov 25 23:36:41.419: Vi2 PPP: Authorization required 

*Nov 25 23:36:41.439: Vi2 PAP: IAI.TH-REO id 3 len 1 5 tram "Rl" 

♦Nov 25 23:36:41.439: Vi2 PAP: Authenticating peer Rl 

♦Nov 25 23:36:41.439: Vi2 PPP: Sent PAP LOGIN Request 

♦Nov 25 23:36:41.439: Vi2 PPP: Received LOGIN Response PASS 

♦Nov 25 23:36:41.443: Vi2 PPP: Sent LCP AUTHOR Request 

♦Nov 25 23:36:41.443: Vi2 PPP: Sent IPCP AUTHOR Request 

♦Nov 25 23:36:41.443: Vi2 LCP: Received AAA ALTHORRcspon.se PASS 

♦Nov 25 23:36:41 .443: Vi2 IPCP: Received AAA AUTHOR Response PASS 

♦Nov 25 23:36:41 .443: Vi2 PAP: () AUTH-ACK id 3 len 5 

♦Nov 25 23:36:41.455: Vi2 PPP: Sent IPCP AUTHOR Request 

Type escape sequence to abort. 

Sending 5, 100-byte 1CMP Echos to 10. 1. 13. 1, timeout is 2 seconds: 



Success rate is 100 percent (5/5), round-trip min/avg'max = 56/57/60 ms 
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For Rl and R4*s connection: 



On kl 



Rlfconfig'^L'scrnamc R4 password cisco 

R 1 (c o n fig)#] nt V ir tual- Temp late 1 4 

RlfconfigWP address 10.1.14.1 255255255.0 

Rl(config)# ppp authentication chap callin 

Rl(config)# ppp pap sent -user name Rl-PAP password I) eiseoPAP 

On R4 

R4(config)#L"$ername Rl-PAP password cisco PAP 

R4(©Oiifig)#L'&crnamc Rl password cisco 

R4(configWnt SO/0.41 

R4(config-subif)#No ip address 

R4(config-subii)#Fra me- relay interf'ace-dlci 401 ppp virtual-template 41 

R4(config)#Int Virtual-Temp Iatc4 1 
R4(config-ii>lP address 10. 1.14.4 255.255.255.0 
R4('cont1g-itVppp authentication pap callin 

To test and verily the configuration: 



On R4 

R4#Dcbug ppp authentication 

R4#fcon%)#]nt 90/0 
R4#(ooiifig-if)#Shiii 

R4#(config-ift#No shut 

R4#(config-ift#Do Ping 1 0. 1.14.1 

*\1ar 2 06:01 :36.303: Vil PAP: 1 ALTH-REO id 6 len 20 from "Rl-PAP" 

*Yar 2 (36:01:36.303: Vil PAP: Authenticating peer Rt-PAP 

*Mar 2 06:01:36.307: Vil PPP: Sent PAP LOGIN Request 

*Mar 2 06:01:36.31 I: Vil PPP: Received LOGIN Response PASS 

*Mar 2 06:01:36.31 1: Vil CHAP: I CHALLENGE id 6 len 23 from "Rl" 

*\1ar 2 06:01 :36.3 15: Vil CHAP: RESPONSE id 6 xn 23 from "R4" 

*Mar 2 06:01 :36.3 19: Vil LCP: Received AAA AUTHOR Response PASS.! 
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Success rate is 2(1 percent (1/5), round-trip min/avg/max = 56/56/56 ms 

♦Mar 2 06:01 :36.3 19: Vil IPCP: Received AAA AUTHOR Response PASS 

*Mar 2 06:01 :36.3 19: Vil PAP: O A I TH-ACK id 6 ten 5 

*Mar 2 06:01 :36.339: Vil CHAP: I SUCCESS id 6 ten 4 

*\1ar 2 06:01:36.343: Vil PPP: Sent IPCP AUTHOR Request 



Task 3 

Erase the startup conlig and reload the routers be lore proceeding to the next lab 
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Lab 6 - Frame-relay End-to-End Keepalive 



10.1.144/24 




SGMi41 




SQ/0.12 10,1.12.1/24 

i S0/Q.13 10.1.13.1/24 

^90/0.14 10.1.14.1/24 




10.1.133/24 S0/(X31 




IP addressing and DL.CI ini'ormation Chart: 



X 



1 0,1.1 Z2 24 



50jU21 




Routers 


1 l J address 


Local ULCl 


Con nee ting to: 


Rl ~s Frame-relay interface 


10.1.121 (2A 

10.1.13.1 .24 
10.1.14.1 24 


102 
103 

104 


R2 
R3 

R4 


R2's Frame- relay interface 


1 0.1. 12.2/24 


201 


Rl 


R3's Frame- relay interface 


10.1.13.3 24 


301 


Rl 


R4*s Frame- relay interface 


10.1. 14.4 ,'24 


401 


Rl 
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Task 1 

Configure the routers in a hub and spoke manner using the IP addressing in the above 
chart. 

These routers should be configured in a Point -to -Point manner as follows: 

r On Rl : DLCIs 1 02, 103 and 1 04 should be used for it's connection to R2, R3 and 
R4 respectively. 

> On R2, R3 and R4: DLCIs 20 1 , 30 1 and 40 1 should be used on R2, R3 and R4 
respectively lor their point-to-point frame-relay connection to Rl iThc hub). 



On Rl 

Rl(eonfig)#Jntcrfaec SO 
Rl (con fig- if)?* Encap frame 
Rlfconfig-if^Noshut 

Rl(config)#]ntcriacc S0/0. 12 point-to-point 
Rl(config.subif)#]p address 10.1.12. 1 255.255.255.0 
R 1 iconfig-subif)#Frame- relay interfacc-dlci 102 

Rlfconfig .^Interlace SO/0.13 point-to-point 
Rl(config-subif)#]p address 10.1.13.1 255255.255.0 
Rl (config-subif)#Framc-rclay interfacc-dlci 103 

Rl(config)rr]ntcrfacc SO 0.14 point-to-point 
R](config-subif)*lp address 10.1.14.1 255.255.255.0 
Rl(config-subif)#Framc-rclay intcrfacc-dki 104 

I o verify the configuration: 

On Rl 

Rl^Show frame map 

ScrialO/0.12 (up): point-to-point die i, dlci 102(0x66,0x1860), broadcast 

status defined, active 
ScrialO/0.13 (up): point-to-point dki, dlci 103(0x67,0x1870), broadcast 

st at u s d cfin cd , ac t iv c 
ScrialO/0.14 (up): point-to-point dlci, dlci 104(0x68,0x1880), broadcast 

status defined, active 
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On R2 

R2config-subif)*HntS0/0 
R2contig-if)#Encap frame 
R2con%-it)^No shut 

R2config)#Int SO 0.21 point-to-point 
R2coniig-subii>lp address 10.1. 12.2 255.255.255.0 
R2config-subii')#Fnimc-rclay intcrfacc-dici 201 

To verify and test the configuration: 

On R2 

R2#Show frame map 

ScrialO/0.21 (up): point-to-point die i, dlci 201 (OxC 9,0x3090), broadeast 
status defined, active 

R2#Pjng 10.1.12.1 

Type escape sequence to abort. 

Sending 5, lOO-bytclCMP Echosto 10.1.1.2.1, timeout is 2 seconds: 


Success rate is 100 percent (5/5), round-trip min/avg max = 56/56/60 ms 

On K3 

R3con%-subif)#IntS0 
R3con fig- if)#E neap frame 
R3coniig-if)#\o shut 

R3contig-subit>lnt SO/0.31 point-to-point 

R3co n fig- sub i f)#] p address 1 . 1 . 1 3 . 3 2 5 5. 25 5 .25 5 . 

R3coniig-subif)#Frdmc-rclay intcrfacc-dlci 301 

To verify and test the configuration: 

On K3 

R3#Show frame map 

ScriaiO/0.31 (up): point-to-point dki, dlci 301(Qxl2D,Ox4SDQ), broadcast 
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status defined, active 

Rgjgjmg 10.1.13.1 

Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echos to 10. 1. 13 I. timeout is 2 seconds: 

MM* 

Success rate is 100 percent (5/5), round-trip min/avg'max = 56/56/60 ms 
On R4 

R4con tig- subitum SGfl 
R4co n tig- if)#E neap frame 
R4con tig- i t)ffSo shut 

R4c n tig- sub i f )#] n t S 0/0 .41 no i nt- to -po in t 
R4contig-subityip address 10.1. 14.4 255.255.255.0 
R4 co n fig- sub ift^Fra me- relay intcrtacc-dlci 401 

'i'o verify and test thr cnnfmurtitinn: 

On R4 

R4**Show frame map 

ScrialO/0.4 1 (up): point-to-point dki ( dlci 40 1 (0x1 9 1 ,0x64 10), broadcast 
status defined, active 

R4*Ping 10.1.14.1 

T\pc escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 10. 1. 14. 1. timeout is 2 seconds: 
run 

Success rate is 100 percent (5/5), round-trip min/avgmax = 56/56.60 ms 



Task 2 

Configure Frame- relay end -to -end kccpalivcs on Rl and R2. these routers should be 
configured in bidirectional mode using the default values. 



Routers depend on the LYtlstti maintain the status of an active connection, since 
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The intermediate switches in the cloud may not support NN1 LMIs, FREEK can 
he used to provide the local router with the status of the remote end. FREEK 
accomplishes this by providing an end to end keepalive, this keepalive runs on the 
data DLC1 (16-997) and not the LMI DLCI (Cisco LM1 uses DLC1 1023, and 
Q933a and ANSI uses DLCI 0). 

FREEK maintains two internal keepalives: 

> The first one is used to send out keepalive requests and to handle 
responses to the requests; this is considered the send side. 

> The second one is to handle and reply to the requests: this is 
considered the receive side. 

At the send side when the timer expires, the send side transmits a keepalive and 

waits for a reply. When the send side receives the reply before the timer expires a 

frame-relay keepalive is recorded. If the timer expires and no keepalives are 

received, an error event is recorded. 

If a sufficient number of error events are observed, the PVC will transition to a 

down state, The number of events necessary to change the status from up to 

down is known as event window. 

Some of the parameters and values can be changed as follows: 

Frame- relay end-to-end keepalive |send | receivel error-threshold 

This command configures the number of frame-relay end-to-end keepalive errors 
that must occur in the event window before the interface goes down. Default is 2, 
and the maximum number is 32. 

Frame-relay end-to-end keepalive Isend | receivel success-events 
This command configures the number of frame-relay end-to-end keepalive 
successes that must occur before the interface comes up. Default is 2, and the 
maximum number is 32. 

Frame-relay end-to-end keepalive |send | receivel timer 

This command configures end to end keepalive timers: this can be configured for 

send or receive side 

Frame- relay end-to-end keepalive event- window 

This command tells the IDS to keep track of x number of most recent events. 

On Rl 

Rl(config)#Map.class framc-rclay TST12 

Rl icontlg-map-class! )~ frame- relay end-to-end keepalive mode bidirectional 
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R! (config)#]nt Scrial0.'0.12 point-to-point 

R I (c o n fig -s u b if)# frame - rcla y i ntcrfac c-d k i 102 

R] (config.fr.dlei)#class TSTI2 

i'o verify the configuration: 

On Kl 

Rl#Show frame-relay end-to-end kccpalivc interface SQ/0.12 

End-to-end Kccpalivc Statistics for Interface ScrialO'0.21 (Frame Relay DTE) 

DLC1 = 201, DLC1 USAGE = LOCAL, VC STATUS = ACTIVE (EEKUP) 

SEND SIDE STATISTICS 

Send Sequence Number: 3. Receive Sequence Number: 4 

C o n fi gured E ven t Wi nd o w: 3, Co nfigu red E rm r T hr csho !d : 2 

Total Observed Events: 6. Total Observed Errors: 

Monitored Events: 3, Monitored Errors: 

Successive Successes: 3 S End -to -end VC Status: UP 

RECEIVE SIDE STATISTICS 

Send Sequence Number: 3, Receive Sequence Number: 2 

Configured Event Window: 3, Configured Error Threshold: 2 

Total Observed Events: 5, Total Observed Errors: 

Monitored Events: 3 S Monitored Errors: 

Successive Successes: 3, End-to-end VC Status: UP 

On R2 

R2(config)£ map-class frame-relay TEST 

R2(confag-map-c lass)* frame-relay end-to-end keepalive mode bidirectional 

R2(config)#intcrfacc ScrialQ 0.21 point-to-point 
R2(config-subif)#framc intcrfacc>dlci 201 
R2i;config-fr-dki)#c lass TEST 

lo verify the configuration: 
On R2 
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R2~Show frame-relay end -to -end keep alive interface SO/0.21 

End-to-end Kccpalivc Statistics tor Interface ScrialO 0.21 (Frame Relay DTE) 

DLC1 =201, DLCI USAGE = LOCAL, VC STATUS = ACTIVE f EEK UP) 

SEND SIDE STATISTICS 

Send Sequence Number: 4, Receive Sequence Number: 3 

Configured Event Window: 3, Configured Error Threshold: 2 

Total Observed Events: 6, Total Observed Errors: 

Monitored Events: 3, Monitored Errors: 

Successive Successes: 3, End -to -end VC Status: UP 

RECEIVE SIDE STATISTICS 

Send S'L-quLTfL';: Nur.bjr: 3. Receive Sequence Number: 2 

Configured Event Window: 3. Configured Error Threshold: 2 

Total Observed Events: 5, Total Ob Errors: 

Monitored Events: 3, milorcd Errors: 

Successive Successes: 3. End-to-end VC Status: UP 

To test the unitijjumtion: 

On R2 

R2(config)#]nt SO/0.21 
R2(config-subif)#Shut 

On Rl 



R lr^Show frame end keep inter SO 0. 1 2 

End-to-end Kccpalivc Statistics for Interface ScrialO/0. 12 (Frame Relay DTE) 

DLCI = 1 02, DLCI USAGE = LOCAL, VC STATUS = ACTIVE (EEK DOWN) 

SEND SIDE STATISTICS 

Send Sequence Number: 29, Receive Sequence Number: 28 

Configured Event Window: 3, Configured Error Threshold: 2 
Total Observed Events: 42, Total Observed Errors: 12 

Monitored Events: 3, Monitored Errors: 1 

Successive Successes: 0, End-to-end VC Status: UP 
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RECEIVE SIDE STATISTICS 

Send Sequence Number: 28. 
Conligured Hvent Window: 3. 
Total Observed Events: 39. 
Monitored Events: 3, 
Suee ess ivc Successes: 0, 

Rl#ShQw ip int brie 



Receive Sequence Number: 27 
Configured Error Threshold: 2 
Total Observed Errors: 9 
Monitored Errors: 2 
End-to-end VC Status: DOWN 



Inter face 
FaStEthernetO/0 

Fast Ether net I 
St; ri a KM 
Ser.al0ffl.12 

ScrialO/0.13 
Scrial0/0.14 



IP-Address OK' 1 Method Status Protocol 

li n assigned YE S u ns ct ad min i strativcly down down 
u n assigned YE S u ns ct ad min i strativcly down down 

li missioned YES unset up up 

10.1.12.1 YES manual down down 

10.1.13.1 YES manual up up 

10.1.14.1 YES manual up up 



Note the default configured error threshold is 2, therefore, when Rl did not 
receive two replies within three events, it's sub-interface SO/0.12 transitioned into 
down/down state. But the main interface (SO/0), is still in up/up state. 

To test the success events: 

On K2 

R2(config)#]ntcriacc SO/0.21 
R2(config-subif)r*\o shut 

On Rl 



Rl*Sh frame end keep inter SO/0. 12 

End-to-end Kccpalivc Statistics for Interlace ScrialO/0. 12 (Frame Relay DTE) 

DLC1 = 1 02, DLCI USAGE = LOCAL, YC STATUS = ACTIVE (EEK UP) 

SEND SIDE STATISTICS 

Send Sequence Number: 105, Receive Sequence Number: 30 

Configured Event Window: 3, Configured Error Threshold: 2 

Total Observed Events: 1 1 9 r Total Observed Errors: 87 

Monitored Events: 0, Monitored Errors: 

Successive Successes: 0, End-to-end \'C Status: UP 
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RECEIVE SIDE STATISTICS 

Send Sequence Number: 30, Receive Sequence Number: 29 

Configured Event Window: 3, Configured Error Threshold: 2 

Tota] Observed Events: 90, Total Observed Errors: 58 

Monitored Events: 0, Monitored Errors 

Successive Successes: 0, End -to -end VC Status: LP 

Note after three success events in a row, the sub-interface is transitioned into up 
up state. 



Task 3 

Conlitzure Frame-relay end-to-end kccpalivcs for the YC that connects Rl to R3. Rl 
should be configured in request mode whereas R3 should be configured in reply mode 
using the default values. 



On Rl 

Rl (con fig)#\lap -class frame- re lay TST13 
Rl(config-map-c!ass)#fraine-relay end-to-end keepalive mode request 

Rl (config)# interface ScrialQ'0. 13 point-to-point 
Rl (config-subif)#framc-rclay intcrfacc-dlci 103 
Rl (config.fr.dk: i)#c lass TST13 

To verify the confiauration: 

On Rl 

Rl#Show frame- relay end'toend keepalive interface SO.'0. 13 

End-to-end Keepalive Statistics tor Interface ScrialO/0. 13 (Frame Relay DTE) 

DLCI = 1 03, DLCI USAGE = LOCAL, VC STATUS = ACTIVE (EEK LP) 

SEND SIDE STATISTICS 

Send Sequence Number: 255, Receive Sequence Number: 1 

Configured Event Window: 3, Configured Error Thrcsho.d: 2 
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Total Observed Events: 7, Total Observed Errors: 4 

Monitored Events: 2, Monitored Errors: 

Successive Successes: 2, End-to-end VC Status: UP 

On R3 

R3(config)# map -class frame- relay TST31 

R3(config-map-cIass )f^ frame- relay end-to-end keepalive mode reply 

R3 ft o n fig)rr in tertkee Serial .31 po in t-to - po i nt 
R3 (c a n fig-s ub if)#framc - rcla y i ntcrfacc-d lc i 30 1 
R3(config-fr-dlci)#class TST 3 1 

To verify the configuration: 
On K3 

R3#Show frame end-to-end keepalive Interlace SO (3.31 

End-to-end Keepalive Statistics for Interface ScrialO'0.31 (Frame Relay DTE) 

DLC1 = 301, DLCI USAGE = LOCAL, VC STATUS = ACTIVE (EEK UP) 

RECEIVE SIDE STATISTICS 

Send Sequence Number: 15, Receive Sequence Number: 14 

Configured Event Window: 3. Configured Error Threshold: 2 

Total Observed Events: 17, Total Observed Errors: 

Monitored Events: 3 S Monitored Errors: 

Successive Successes: 3, End-to-end VC Status: UP 



To test the configuration: 



On kl 

Rl(config)#]ntS0/0.13 
R 1 (c o n fig-s ub if )f* S hu t 

On K3 



R3#Show frame end-to-end keepalive Interface SO. 0.3 1 

End-to-end Keepalive Statistics for Interface ScrialQ'0.31 (Frame Relay DTE) 
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DLC1 = 301, DLC1 USAGE = LOCAL, VC STATUS = ACTIVE (EEK DOWN) 

RECEIVE SIDE STATISTICS 

Send Sequence Number: 24, Receive Sequence Number: 23 

Configured Event Window: 3, Configured Error Threshold: 2 

Total Observed Events: 31, Total Observed Errors: 5 

Monitored Events: 3 S Monitored Errors: 2 

Successive Suec esses: 0, End -to -end VC Status: DOWN 

To test the success events: 

On Kl 

Rl(config)#]nt SO/0.13 
Rl(eonfig-subif)No shut 

On R3 

RJ#Show frame end-to-end kccpalivc Interlace SO 0.3 1 

End-to-end Kccpalivc Statistics for Interface ScrialO 0.3 1 (Frame Relay DTE) 

DLC1 = 301, DLCI USAGE = LOCAL, VC STATUS = ACTIVE (EEK UP) 

RECEIVE SIDE STATISTICS 

Send Sequence Number: 26, Receive Sequence Number: 25 
Configured Event Window: 3, Configured Error Threshold: 2 
Total Observed Events: 42, Total Observed Errors: 14 

Monitored Events: 0> Monitored Errors: 

Successive Successes: 0, End-to-end VC Status: UP 

Note the sub-interface SO/0. 31 cm R3 transitioned into up/up state. 



Task 4 

Configure Frame-relay end-to-end kccpalivcs for the VC that connects Rl to R4. These 
two routers should be configured in bidirectional mode using the following policy: 
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If these routers have three errors within 5 events, the sub-interface should transition into 
down'down state, and if they have tour success events in a row, the sub-interface should 
transition into up up state. Ensure that the kccpalivcs arc exchanged every 20 seconds. 



On Kl 

Rl (con fig )#Map -class frame- re lay TST14 

Rl (con fig- map -class J#f ram e- relay end-to-end keepalive mode bidirectional 
R 1 iconl'ig-ir.Lip-j'.Liss i-Tntm e-rekn end-to-end keepulh e e\ eat -win don recs 5 
Rl(config-map-c3ass)# frame-relay end-to-end keepalive event-window send 5 

Rl(config-map-class)#frame-relay end-to-end keepalive error-threshold reev 3 
Rl (config-map-c!ass)#frame-relay end-to-end keepalive error-threshold send 3 

RI(conf1g-map-c!ass)#frame-reIay end-to-end keepalive success- events recv 4 
Rl(config-map-cIass)#frame-reIay end-to-end keepalive success-events send 4 

RI(config-map-dass)r ! frame-relay end-to-end keepalive timer recv 20 
Rl(config-map-class)#frame-relay end-to-end keepalive timer send 20 

Rl(config)#Int ScrialO/0.14 point-to-point 

Rl (config-subif)#lramc- relay intcrfacc-dki 104 

Rl (config-subil)#class TST 14 

To verify the configuration: 
On kl 

RlnShow framc-rclay end-to-end keepalive interface SO/0. 14 

End-to-end Keepalive Statistics for Interface ScriaIO/0. 14 (Frame Relay DTE) 

DLC1 = 1 04, DLCI USAGE = LOCAL, VC STATUS = ACTIVE (EEK UP) 

SEND SIDE STATISTICS 

Send Sequence Number: 7> Receive Sequence Number: 8 

Configured Event Window: 5, Configured Error Threshold: 3 

Total Observed Events: 19, Total Observed Errors: 9 

Monitored Events: 5, Monitored Errors: 

Successive Successes: 5, End-to-end VC Status: UP 

RECEIVE SIDE STATISTICS 
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Send Sequence Number: 9. Receive Sequence Number: 8 

Configured Event Window: 5, Configured Error Threshold: 3 

Total Observed Events: 19, Total Observed Errors: 8 

Monitored Events: 5 S Monitored Errors: 

Successive Successes: 5, End -to -end VC Status: UP 

On K4 

R4(config)#Map-class frame-relay TST4 1 
R4(eonfig-map-class)nfranie-relay end-to-end keepalive mode bidirectional 

R4(config-map-c3ass)#frame-reIay end-to-end keepalive event-window reev 5 
R4(comfi||;-map-cl ass )£ frame-relay end-to-end keepalive event-window send 5 

R4(config-map-class)rrframe- relay end-to-end keepalive error-threshold reev 3 
R4(eonfig-map-class)#frame-relay end-to-end keepalive error-threshold send 3 

R4(config-map-cIass)#frame- relay end-to-end keepalive success-events reev 4 
R4(config-map-class)nframe-relay end-to-end keepalive suecess-events send 4 

R4(config-map-c!ass)#frame- relay end-to-end keepalive timer reev 20 
R4(config-map-c3ass)#frame- relay end-to-end keepalive timer send 20 

R4(config)#]nt ScrialO/0.41 point-to-point 
R4(config-subii)?rlramc-rclay intcrfaec-dlei 401 
R4(config.fr-dlci)#class TST 41 

To verify the lonliuuratiun: 

On R4 

R4#Show frame- relay end-to-end keepalive interface SO/0.41 

End-to-end Keepalive Statistics for Interface Scrial0'0.41 (Frame Relay DTE) 

DLCI = 401, DLCI USAGE = LOCAL, VC STATUS = ACTIVE (EEK UP) 

SEND SIDE STATISTICS 

Send Sequence Number: 11, Receive Sequence Number: 12 
Configured Event Window: 5, Configured Error Threshold: 3 
Total Observed Events: 14, Total Observed Errors: 
Monitored Events: 5, Monitored Errors: 

Successive Successes: 5, End-to-end VC Status: UP 



COE R&S by \iu-Hk Kucharians Advanced CCIE R&S Work Book 2.11 Page 326 of 1068 

£ £009 Xarbik Kucha rianx All rijhu reserved 



RECEIVE SIDE STATISTICS 






Send Sequence Number: 1 1 . 


Receive Sequence Number: 


10 


Configured Event Window: 5 5 


Configured Error Threshold 




Total Observed Events: 13, 


Total Observed Errors 


Q 




Monitored Events: 5, 


Monitored Errors: 






Successive Successes: 5. 


End-to-end VC Status: 


LP 





Task 5 



Erase the startup contig and reload the routers before proceeding to the next lab 
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Lab 7- Trickv Frame-relay configuration 



4444 l& 




A/ 

sc/o 




11.11/8 SO/0 



<> 




^ 



13.3.3/8 30/0 




IP addressim? and DLCl information Chart: 



X 

2.2.2.2/3 



SOX) 




Routers 


I l J address 


Local I) LCI 


Connecting to: 


RI'sLoopback interface 
RTs Frame- rc lay interface 


LI. LI ,8 

]p unnumbered LoO 
]p unnumbered LoO 
Ip unnumbered LoO 


102 
103 

104 


R2 
R3 

R4 


Rl 's Loopback interface 
R2*t Frame-relay interface 


2.2.2.2 fS 

Ip unnumbered LoO 


201 


Rl 


R3 : s Loopback interface 
R3 : s Frame-relay interface 


T T ~1 ~1 i'O 

_>. _>.-?._* O 

]p unnumbered LoO 


30 1 


Rl 


R4*s Loopback interface 
R4*s Frame-relav interface 

■ 


4.4.4.4 .'8 

Ip unnumbered LoO 


401 


Rl 
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Task 1 

Configure the routers in a hub and spoke manner using the IP addressing in the above 
chart. 

The hub router (Rl): This router should uscDLCls 102* 103 and 104 tor it's 
connection to R2, R3 and R4 respectively. This router should 
be configured in a multipoint manner. 

The spokes, R2, R3 and R4: DLCIS201, 301 and 401 should be used by R2 r R3 
and R4 respectively lor their frame-relay connection to R I 
(The hub). 

Ensure that these routers have full reachability to every Loopback interface, this should 
include their own. You should NOT use ' TYame-rehvs map ", and. or static/dynamic 
routing to accomplish this task. 

None of the routers should he configured with sub-interface's. 



On Rl 

Rl(config)#]nt SO/0 

R 1 (c o n fig- if)rr Encap fra me- relay 

Rl (con fig- if)#Fra me- relay interface-dlci 102 ppp virtual-template 1 

R I (config-if)" Frame-relay interface-dlci 103 ppp virtual-template 1 

Rl (c o n fig- if)#Fra me- relay interface-dlci 104 ppp virtual-template 1 

Rl(config)#]nt Virtual- temp late 1 
Rl(config-if)#Ip unnumbered ioO 

Rlfconfig^lnt loO 

Rl (config-il>]p address I . I . I . I 255.0.0.0 

On R2 

R2(configWnt S0/0 

R2 ( c o n fig- if )#E neap fra me- relay 

R2(config-if)r#Frame-relay interface-dlci 201 ppp virtual-template 2 

R 2 1 c o n fig)#l nt V irtual- temp late 2 
R2fconfig-if)rr]p unnumbered k)0 

R2(config)#]nt IoO 

R2(config-ifyip address 2.2.2.2 255.0.0.0 
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On K3 

R3(config)#]nt SO/0 

R3 (c o n fig- if)#E neap ira mc- relay 

R3(config-if)#Frame-relaY interface-dlci 301 ppp virtual-template 3 

R3(curifig)rr]nt Virtual- temp late 3 
R2)config-if)#]p unnumbered IoO 

R3(config)#Int loO 

R3i;config-if)#Ip address 3.3.3.3 255.0.0.0 

On K4 

R4(config)#]nt SO/0 

R4 ( c o n fig- if)#Encap fta mc- relay 

R4(config-if)#Frame-relay interlace-dlci 401 ppp virtual-template 4 

R4(config)#]nt Virtual- temp late 4 
R4i"config-if)rr]p unnumbered ioO 

R4(config)#Int IoO 

R4(config-ii>lp address 4.4.4.4 255.0.0.0 

To verity and test connectivity between the hub and it's attat-'hed 

On Kl 

RlffShow ip route 

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP 

D - E1GRP, EX -E1GRP external, - OSPF, LA - OSPF inter area 
M - OSPF XSSA external type 1,N2- OSPF XSSA external type 2 
El - OSPF external type 1 , E2 - OSPF external type 2 
i - 1S-1S, su - 1S-1S summary, LI - 1S-1S lcvcl-1, L2 - IS-1S lcvcl-2 
ia - 1S-1S inter area, * - candidate default, L" - pcr-uscr static route 
o - ODR, P - periodic downkjaded static route 

Gateway of last resort is not set 

C 1 .0.0. 0/8 is directly connected, LoopbackO 

2.0.0.0/32 is subletted, 1 subnets 
C 2.2.2.2 is directlv connected, Virtual-Access 1 
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3.0.0.0/32 is subnetted, 1 subnets 
C 5333 is directly connected, Vh tual-.\ccess2 

4.0.0.0/32 is subnetted, 1 subnets 
C 4.4.4.4 is directly connected, Virtual-Aeeess3 

Note when PPP is configured, in the last step of PPP connection, IPCP creates a host 
route for the routers interface that is connected to your local router. This behavior 
can be disabled using the "no peer neiiib bo r- route " command. Note because of this 
behavior in PPP, Rl should have connectivity to every spoke, as folkms: 

On kl 



Rigging 1.1.1.1 

Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echo s to 1. 1. 1.1, timeout is 2 seconds: 



Success rate is 1(10 percent (5/5), round- trip rnin/avg max = 1/1/1 ms. 

RI*Ping 2.2.2.2 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echosto 2.2.2.2 r timeout is 2 seconds: 



Success rate is 100 percent (5/5), round-trip min/avg'max = 56/58/60 ms 

ftjjPijjg 3.3.3.3 

Type escape sequence to abort. 

Sending 5. 100-bytc ICMP Echos to 3.3.3. 3, timeout is 2 seconds: 



Success rate is 100 percent (5/5), round-trip min/avg'max = 56/58/60 ms 

Rl^Ping 4.4.4.4 

Type escape sequence to abort. 

Sending 5. 100-bytc ICMP Echos to 4.4.4.4, timeout is 2 seconds: 



Success rate is 100 percent (5/5), round-trip min/avg'max = 56/58/60 ms 

On K2 

R2*Sho\v ip route 
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Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP 

D - E1GRP, EX -E1GRP external, - OSPF, LA - OSPF inter area 
XI - OSPF NSSA externa! type I , N2 - OSPF XSSA external type : 
El - OSPF external type 1, E2 - OSPF external type 2 
i - IS-1S, su - 1S-1S summary, LI - IS-IS lcvcl-1, L2 - 1S-IS levcl-2 
ia - IS- IS inter area, * - candidate default, L* - per- user static route 
o - ODR, P - periodic downloaded static route 

G ate way of last re sort is not set 

1.0.0.0/32 is subnetted, 1 subnets 
C 1.1.1.1 is directh coiinecludi \ 'iiiiiiil-AtcL'ss 1 
C 2.0.0. 0/8 is directly connected, LoopbackO 

Note R2 has reachability to Rl but NOT to any of the spokes 

R2*Ping 1.1.1.1 

Type escape sequence to abort. 

Sending 5, 1 00-by tc 1 CMP Eehos to 1.1.1,1, timeout is 2 scco nds: 



Success rate is 1(10 percent (5/5), round-trip min/avg'miix = 56/58/60 ms 

R2*Ping 3.3.3.3 

Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echo b to 3.3.3.3, timeout is 2 seconds: 

Success rate isO percent (0/5) 

R2*Ping 4.4.4.4 

Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echos to 4.4.4.4, timeout is 2 seconds: 

Success rate isO percent (0/5) 
On R3 

R3*Show ip route 

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP 

D - E1GRP, EX - E 1GRP external, O - OSPF, 1 A - OSPF inter area 
XI • OSPF XSSA external type I , X2 - OSPF XSSA external type 2 
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El - OSPF external type I, E2 - OSPF external t>pc2 
i - IS-IS, su - 1S-1S summary, LI - IS-IS level- 1,*L2 - IS-IS lcvcl-2 
ia - IS- IS inter area. * - candidate default, L* - per- user static route 
o ■ ODR. P - periodic downloaded static route 

Gateway of last resort is not set 

1.0.0.0/32 is subnetled, 1 subnets 
C 1.1.1.1 is directly connected, Virtual-Access 1 

C 3.0.0. 0/8 is directly connected, LoopbackO 

Vi)ii 113 has reachability to Rl hut APT to aiu of the spokes 

R3#gjng 1.1.1.1 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 1. 1. 1 . 1 . timeout is 2 seconds: 



Success rale is 1 (HI percent (5/5), round-trip min/avg'max = 56/58/60 ms 

R3*Ping 2.2.2.2 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 2.2.22, timeout is 2 seconds: 

Success rate is (I percent (0/5) 

R3*Ping 4.4.4.4 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 4.4.4.4, timeout is 2 seconds: 

Success rate isO percent (0/5) 

On K4 

R2?Show ip route 

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP 

D - EIGRP, EX -EIGRP external, - OSPF, I A - OSPF inter area 
M - OSPF NSSA external type I , N2 - OSPF NSSA external type 2 
El - OSPF external type 1, E2 - OSPF external type 2 
i - IS-IS, su - IS-IS summary, LI - IS-IS level- 1,*L2 - IS-IS lcvcl-2 
ia - IS-IS inter area. * - candidate defauit. I." - per- user static route 
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o - ODR. P - periodic downloaded static route 

G ate way of last resort is not set 

1.0.0.0/32 is sub netted, 1 subnets 
C 1.1.1.1 is directly connected, Virtual-Access 1 

C 2.0.0.0.8 is directly connected. LoopbackO 

Vi<l' R4 has reachability to Rl hulM)T to ain ol'lhe spokes 

R4f*Ping 1.1.1.1 

Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echos to 1.1. LI, timeout is 2 seconds: 

I (I M 

Success rate is 100 percent (5/5), round-trip rnin/avg'max = 56/58/60 ms 

R4*Ping 2.2.2.2 

T>pc escape sequence to abort. 

Sending 5. 100-bytc 1CMP Echos to 2.2.2.2. timeout is 2 seconds: 

Success rate isO percent (0/5) 

R4jgjng 3.3.3.3 

Type escape sequence to abort. 

Sending 5. 100-bytc 1CMP Echos to 3.3.3.3. timeout is 2 seconds: 

Success rate isO percent (0/5) 

PBR can be configured to provide reachability between the spokes as follows: 

On R2. R3 and R4 

(config)#lp local policy mute-map TST 

(config-routc-map)r 1 Route- map TST permit 10 
(confjg-ro utc-map)** Set ip next-hop 1.1.1.1 

(config-routc-map)r* Route-map TST permit 20 
To test the configuration: 
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On R2 






R2# Debug ip policy 






RZ^Ping 3.3.3.3 source 2.2.2.2 






Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echosto 3.3.3.3, timeout is 

Packet sent with a source address of 2.2.2.2 
i hi i 


2 seco nds: 


Success rate is 100 percent (5/5), round- trip min.'avg'i 


nax = 


1 16/117/120 ms 


IP: s=2. 2.2.2 (local), d=3.3.33, ten 100, policy match 

IP: route map TST, item 10, permit 

IP: s=2.2.2,2 (local), d=33J3 (Virtual- Access2), leu 


100, 


policy ro u ted 


R2#Ping 4.4.4.4 






Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echosto 4.4.4.4, timeout is 
inn 


2 seco nds: 


Success rale is 100 percent (5/5), round-trip min.'avg'i 


nax = 


112/1 14/1 16 ms 


On K3 






R3#Ping 1.1.1.1 






Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 1 . 1. 1 . 1, timeout is 

(MM 


2 seco nds: 


Success rate is 100 percent (5/5), round-trip min.'avg'i 


nax = 


56/57/60 ms 


R3#Ping 2.2.2.2 






Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echosto 2.2.22, timeout is 
i ii ii 


2 9600 nds: 


Success rate is 100 percent (5/5), round- trip rnin/avg'i 


nax = 


112/114/1 16 ms 


R3#Pmg 3.3.3.3 






Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 3.3.3.3, timeout is 

( M M 


2 seconds: 
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Success rate is 1(H) percent (5/5), round- trip rnin/avg'max = 1/1/4 ms 








R3#Ping 4.4.4.4 








Type escape sequence to abort. 

Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds: 








MM* 








Success rate is 100 percent (5/5), round- trip min/avg'max = 1 12/114/1 16 ms 








(Jn R4 








R4*Ping 1.1.1.1 








Type escape sequence to abort. 

Sending 5, 100 -byte ICMP Echos to 1.1.1.1,, timeout is 2 scco nds: 








MM* 








Success rate is 100 percent (5/5), round-trip min/avg'max = 56/58/60 ms 








R4#Ping 2.2.2.2 








Type escape sequence to abort. 

Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds: 








* ** ** 








Success rate is 100 percent (5/5), round- trip min/avg'max = 1 12/113/1 16 ms 








R4#Ping 3.3.3.3 








Type escape sequence to abort. 

Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds: 








* ** ** 








Success rate is 100 percent (5/5), round-trip min/avg'max = 1 12/115/1 16 ms 








R4*Ping 4.4.4.4 








Type escape sequence to abort. 

Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds: 








MM* 








Success rate is 100 percent (5/5), round-trip min/avg'max = 1/1/4 ms 






Task 2 




Erase the startup con fig and reload the routers before proceeding to the next lab 
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Lab 8 - Frame-relay Multilinking 




~L1 



SOX) 



SO/1 




Task I 



Configure the frame-relay connections between Rl and R2 in a point-to-point manner 
using the DLCls and interfaces in the diagram. Configure Rl and R2 using 10.1.12.1 /24 
and 10. 1.12.2 .24 IP addresses respectively. Ensure the these links appear as one and 
have authentication capability. 



Note the tusk does NOT specifically ask for PPP Mult Hi ok to be configured, but 
since the tusk asks for each router to have a single IP address and it states that the 
links should appear as one with authentication capability, that should be enough to 
indicate the PPP Multilink configuration. 

Most of the time there is only a single connection between two routers, but there are 
situations where you may need to have multiple layer one connections between the 
two routers, one reason could be to increase the size of the pipe between the tiro 
routers. The point of Multilink PPP is to take multiple PPP links and "bond" them 
together to act as a single PPP link. These PPP links that are being bonded could be 
an ISDN BRI circuit, IT circuits, or other types of PPP circuits as long as they are 
from the same provider. 

On Rl 



The following command creates a logical multilink group, in the following 

configuration the multilink group is assigned a value of 12, but the range is 1 

Billion. 

Rllcontlg^int Multilink 12 

An IP address is assigned to this logical interface, as follows: 



-2.14 
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Rl(config-if)#ip addr 10.1.12.1 255.255.255.0 
To verify the confix uration: 

On Rl 

Rl^Show run int multilink 12 

Building configuration... 

Current configuration : 89 bytes 
i 

interlace Multilink 12 

ip address 10. 1. 12. 1 255.255.255.0 

ppp multilink 

ppp multilink group 1 2 

The "PPP Multilink" command enables the interface to support MLP (.Multilink 

Point-to-point Protocol) and the "PPP multilink group 12'" command identifies the 
Multilink group that will later he assigned to two or more interlaces that will 
restrict them to joining only the designated rnultilink-group. 

The following command creates a virtual-template interface and assigns the 
multilink group 12 to this logical interface. 

Rl (con fig Winter virtual -tern plate 12 
Rl (config-if)#ppp multilink group 12 

Finally, the virtual-tern plate 12 is assigned to the DLCIs: 

Rl(config-il>#int sO-'O 

R I (c o n fig- if )#en cap fr a m e 

Rl(config-if)#int sO/0.12 Multipoint 

Rl (config-subifj^frame-relay interface-dlci 102 ppp virtual-template 12 

R 1 iconl '.^-suhd'tsframe-relay interface-dlci 112 ppp virtual-template 12 

Rl(config)#int s0/0 
R 1 (co n fig- ii> N o Sh u t 

To verify the configuration: 



On m 



RlfrShow ppp mu.ti.ink 
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No active bundles 
Mult il ink 12 (inactive) 
Member links: 2 

Vi3 (inactive) 

VI 1 2 (inactive) 

Note Hit; output ol the above command shows that them are no active bundles; this 
is because PPP Multilinking must be configured on both end points before its 

activated. 

On R2 

R'lconfigi^int multilink 21 

R2(config-ityip atldr 10.1.12.2 255.255.255.0 

R2(config)nint virtual-template 21 
R2(config-if)#ppp multilink group 21 

R2(config)#int s0/0 

R2 (c o n fig- ilVen cap Ira me- r el ay 

R2 (c o n fig- if)^ frame-relay interface-dlci 201 ppp virtual- Temp I ate 21 

R2(config-if>no shut 

R2iconfig-it>int sO/1 

RZiconfig-iiVencap frame-relay 

R2 (c o n fig- if)# frame-relay interface-dlci 211 ppp virtual- Tern pi ate 21 

R2(config-if)#no shut 

Note on K2 the virtual-template is assigned to two different physical interfaces, and 
frame-relay is configured directly under the physical interfaces. This is done 
intentionally to show the different implementations of this configuration. 

To verify the configuration: 



On kl 

Note the Mult ilinkl 2 logical interface is now up, this is because both routers/end 
points are configured with PPP multilink. 

R 1 r* S h o w pp p mu -t J. i n k 

Multilinkl2, bundle name is 112 

Kndpoint discriminator is R2 
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Bundle up tor 00:1 6:04, total bandwidth 200000, load 1/255 
Receive buffer limit 24000 bytes, frag timeout 1.000 ms 

fragments bytes in reassembly list 

lost fragments, reordered 

0/0 discarded fragments /bytes, lost received 

0x24 received sequence, 0x24 sent sequence 
Member links: 2 active, 1 inactive (max not set, min not sct^ 

Vil, since 00: 16:04 

Vi2, since 00:16:03 

Ytl2 (inactive) 
No inactive multilink interfaces 



To verify the configuration: 



On R2 

R2"Sho\v ppp mult i". ink 

Mullilinkll, bundle name is Rl 
Endpuint discriminator is Rl 

Bundle up for 00: 18:19, total bandwidth 200000, load 1/255 
Receive buffer limit 24000 bytes, frag timeout 1(H) ms 

0/0 fragments bytes in reassembly list 

lost fragments, reordered 

discarded fragments bytes, lost received 

0x28 received sequence, 0x28 sent sequence 
Member links: 2 active, 1 inactive (max not set, min not set) 

Vil, since 00:18:19 

Vil, since 00:18:19 

Vt21 (inactive) 
No inactive multilink interfaces 



To test the configuration: 



On Rl 

Rl*Ping 10. 1.12.2 

Type escape sequence to abort. 

Sending 5, 100-bytclCMP Echosto 10.1.12.2, timeout is 2 seconds: 



Success rate is 100 percent (5'5), round-trip min/avgmax = 56/56/56 ms 
R l^Show in route b Gateway 
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Gateway of last resort is not set 

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks 
C 1». 1.12.2/32 is directly connected, Multilinkl2 

C Ukf. 12.0/24 is directly connected, \1ultilinkl2 

Note the host route is installed because of PPP implementation. 



Task 2 

Configure CHAP authentication between the two routers. Use "Cisco" as the password. 



On Rl 

RI(config)r*username R2 password Cisco 

R!(config)#inl virtual-template 12 
Rliconl1g>if)rrppp authentication chap 

On R2 

R2(c onfig)# user name Rl password Cisco 

R2(config)f*int virtual-template 21 
R2(config-if)r*ppp authentication chap 

Note- the authentication is configured under the virtual-template interlace. 
To verify the I'onf'iauration: 
On Rl 



R2# S h o w pp p mu .t i. i nk 

Mult ilink 1 2. bundle name is R2 
Username is R2 
Endpoint discriminator is R2 

Bundle up for 00:00:28, total bandwidth 200000, load 1/255 
Receive buffer limit 24000 bytes, frag timeout 1000 ms 

0/0 fragments/bytes in reassembly list 

8 lost fragments, 1 reordered 
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4 350 discarded fragments bytes, 2 lost received 
0x12 received sequence, 0x2 sent sequence 
Member links: 2 active, 1 inactive (max not set, min not set) 
Vil, Siiu» 00:00:29 
Vi2, since 00:00: 18 
Vtl2 (inactive) 

Note this line is added and it indicates that authentication is configured. 

To test the eon figuration: 

On R2 

R2#Pbg 10. 1.12.1 

Type escape sequence to abort. 

Sending 5, 100-byte 1CMP Echos to 10. 1. 12. 1, timeout is 2 seconds: 



Success rate is 100 percent (5/5), round-trip min.'avg max = 52 55 56 ms 



Task 3 

Erase the startup configuration and reload the routers before proceeding to the next 
section. 
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Lab 9 - Back-to-Back Framc-rclav connection 




Lab Setup: 

> No Setup is necessary: this lab is configured on the serial interface of Rl that 
is directly connected to R3 without the presence of a frame- re I ay switch. 



IP ail drcs sin g: 



Router 


Interface/ IP address 


I) LCI assignment 


Rl 


SO 1 =200.1.1.1 24 


1 13 


R3 


SO/1 = 200.1.1.3/24 


113 



Task I 

Configure Frame-relay between Rl and R3. you should use the IP address, interface and 
the DLCls provided in the IP Addressing table above, 



In this scenario we do not have a frame-relay switch connecting the routers: these 
routers are connected back to back using a DTE &^> DCE serial cable. The router 
that is connected to the DCE side should provide the clocking using the "Clock 

rate" interface configuration command, the DCE side can be 

determined using Hie "Slum eon) rotter S 0/1 "' command as folbms: 
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R I *Sh controllers Oi 

CD2430 Slot I, Port 0, Controller (1, Channel 0, Revision 19 

Channel mode is synchronous serial 

idh 0x84E4BAB8, buffer size 1524. V.35 PCE cable 

f The rest of the output is omitted) 

In this case since the frame-relay switch does NOT exist, the LMIs should be 
disabled using the "No KeeiKilive " 1 ' interface configuration command, and the 
frame -re I ay mapping should be done statically. 

When configuring the Frame-relay mapping, the DLCls should be identical on 
both eiuK 

On Kl 

Rl (config)# interlace Serial Q/l 

Rl i;config-if)#ip address 200.1. 1. 1 255.255.255.0 

Rl(config-if)r* encapsulation frame- re lay 

Rl (config-if)# no keepalhe 

Rl(config-if)# clock rate 64000 

Rlfconfig-ilV frame-relay map ip 2111(1.1.1.3 113 

On K3 

R3fconfig)# interlace ScrialQT 

R3(config-il>ip address 200.1 . 1.3 255.255.255.0 

R 3 ( c o n fig- if)# encap su 1 atio n frame- re lay 

R3(config-if)# no keepalive 

R3(config-il> frame-relay map ip 200.1.1.1 113 

To verify & test thL 1 i-onffeuration: 

On kl 

Rl*Ping 200.1.1.3 

Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echos to 200. 1.1.3, timeout is 2 seconds: 



Success rate is 100 percent (5/5), round-trip min/avg'max = 28/29/32 ms 
RI#Sho\v frame-relay Imi 

Rl?* 
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Note there are no LMIs, because they are disabled. 

Rl^Show frame-relay pvc 

PVC Statistics for interlace SerialOT (Frame Relay DTEj 

Active Inactive Deleted Static 
Local (.1 

Switched 

Unused 

DLCI = 1 13, DLCI USAGE = LOCAL, PVC STATUS = STATIC, INTERFACE 
ScrialO.T 




input pkts 5 

out bytes 520 
out pkts dropped 
in FECN pkts 
out BECN pkts 
out beast pkts 



output pkts 5 in bytes 520 

dropped pkts in pkts dropped 

out bytes dropped 
in BECN pkts out FECN pkts 

in DE pkts out DE pkts 

out beast bytes 
5 minute input rate bits'scc, packets'scc 
5 minute output rate bits' sec, packets'scc 
pvc create time 00:29:24, last time pvc status changed 00:29:24 

Rlr*Show frame-relay map 

ScriaKIT (up): ip 200. 1.1 J dlci 1 1 3(0x7 L Ox lclO) r static, 
CISCO 



Task 2 

Reconfigure the routers such that Rl uses DLCI 103 to send and DLCI 301 to receive 
packets, whereas, R3 should use DLCI 301 to send and DLCI 103 to receive packets. 
You should configure interface SO I to accomplish this task. 



In this configuration, «e are asked to configure these routers using different DLCls, 
103 connecting Rl to R3 and 301 connecting R3 to Rl. 

On Rl 



R 1 (c o n fig')# in tcrfac c S cr ial 
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R](config-if>ip address 200. 1.1. 1 255.255.255.0 
Rl (config-if)# encapsulation frame-relay 
RI(config-if)# no kccpalive 
Rl (config-if)* clock rate 64000 

The following command removes the frame-relay mapping that was configured in the 
previous task and adds the new mapping: 

Rli;config-iiy\() frame-relay map ip 20(1.1.13 113 
R](config-if)rM'rame-relay map ip 200.1.13 103 

On K3 

R 3 (c o n fig)# in tcrtacc Serial Q 1 ' 1 
R3(config-it>ip address 200.1. 1.3 255.255.255.0 
R 3 ( c o n fig- if)#enc ap su latio n fram c- relay 
R3(config-if)#no kccpalive 

R3(config-ii>NO frame-relay map ip 200.1.1.1 131 
R3(config-il>frame-relay map ip 200.1.1.1 301 

To verify and test the con figuration: 

On Both Routers: 

"Debug ip packet 

■^ Debug Frame-relay packet 

On Rl 



Rl f^Ping 200.1.1.3 

Type escape sequence to abort. 

Sending 5 ; 100-bytc ICMP Echos to 200. 1. 1.3, timeout is 2 seconds: 

Success rate isO percent (0/5) 

Note the ping is NOT successful and the following messages on R3 will reveal the 

reason: 

SerialOT! FR invalid unexpected pak received on DLC1 103 
SerialOT: FR invalid 'unexpected pak received on DLC1 103 
SerialOT: FR invalid/unexpected pak received on DLC1 103 
SerialOT: FR invalid/unexpected pak received on D1.C1 103 



CCIE R&* by Narhflt Kuchariuiw Advanced CCIE R&S Work Book 2.0 Page 146 of 1068 

C 204)9 Var bib Kucha riam. All rights raerved 



SerialOT: FR invalid 'unexpected pak received on DLCI 1(93 

Note the above errors are received on R3 because the DLCIs don't mutch. Rl does not 
know about DLCI 1(13. Remember that they are connected directly. 
To fix this problem. R3 can be configured to receive data on DLCI 1(13 and send on 
DLCI 301, as follows: 

On K3 

R3(config)#int SO/] 

R3 (con fig- itV frame-relay interface-dlci 1(93 

To verify and ti'st the configuration: 

On K3 

R3#Dcbug frame relay packet 

On Rl 

Rigging 200. 1.1.3 repeat 4 

On K3 

ScrialOTCi): dlci 103(0x187 1 ), pkt type 0x800, datagramsizc 104 
Scrial0/l(o): dlci 3()l(0x48Dl), pkt 'type 0x80 CHIP), datagramsizc 104 

ScrialOTCi): dlci 103(0x1871), pkt type 0x800, datagramsizc 104 
SerialOT (u): dlci 301(0x4801), pkt "type OxSOOflP), datagramsizc 104 

ScrialO/ICi): dlci 103(0x1871 ), pkt type 0x800, datagramsizc 104 
ScrialO/](u): dlci 3()l(0x48DI), pkt "type OxSOOflP), datagramsizc 104 

ScrialOTCi): dlci 103(0x1871), pkt type 0x800, datagramsizc 104 
SerialOT (o): dlci 301(0x48Dl), pkt "type OxSOOflP), datagramsizc 104 

Note the incoming traffic uses DLCI 103, whereas, the outgoing traffic uses DLCI 301. 
Til test the configuration: 



On kl 



Rl#Dcbug Frame* relay Packet 
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On K3 

R3*Ping 200.1.1.1 repeat 4 

On Kl 

SeriaIO/1: FR invalid 'unexpected pak received on DLC1 3(11 
SerialOT: FR invalid 'unexpected pak received on DLC1 301 
SerialOT: FR invalid 'unexpected pak received on DLC1 301 
SerialOT: FR invalid unexpected pak received on DLC1 301 

Note the same problem, the traffic comes in on I) LCI 301 and the local router is NOT 
aware of this DLCI. To fix the problem: 

Rlfconfig^intSO-T 

Rl icon fig- if)£ frame-relay interface- dlci 301 

To verify and test the configuration: 

On K3 

R3#Ping 200. I.I.I repeat 4 

On Kl 

Serialtt/I(i): tllci 301(0x48Dl), pkt type 0x800, datagramsize 104 
SerialO.'Ko): dlci 1113(0x1871), pkt type OxSOO(lP), datagramsize 104 

SerialO.T(i): dlci 301(0x48Dl), pkt type 0x800, datagramsize 104 
SerialO.'Ko): dlci 103(0x1871), pkt type 0x800(lP), datagramsize 104 

Serial!) 1 lit: dlci 301(0x48Dl), pkt type 0x800, datagramsize 104 
SerialO.'Ko): dlci 103(0x1871), pkt type 0x800(lP), datagramsize 104 

SerialO T(i): dlci 301(0x48Dl), pkt type 0x800, datagramsize 104 
SerialO.'Ko): dlci 103(0x1871), pkt typeOxSOO(lP), datagramsize 104 

R If* Show frame map 

ScrialO.'l (up): ip 200.1.13 dlci 103(0x67,0x1870), sialic, 
CISCO 

On K3 
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R 3" Show frame map 

ScrialO/1 (up): ip 200.1.1.1 did 301(0x1 2D,(I\<«D(I), static, 
CISCO 

To test connectivity: 
On Rl 



Rl*Ping 200. 1.1.3 

Type escape sequence to abort. 

Sending 5 r 100-bytc ICMP Echos to 200. 1. 1.3. timeout is 2 seconds: 

Success rate is 1(H) percent (S'5), round-trip rnin/avg'max = 28/30/33 ms 

On K3 
R3#Pijjg 200.1 1.1 



Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1. 1. L timeout is 2 seconds: 

iini 

Success rate is 1(H) percent (5/5), round-trip min/avg'max = 28/29/32 ms 



Task 3 

Rc-conllgurc Rl as the frame-relay switch and a router connecting to R3. whereas. R3 
should be configured as a router connecting to Rl using SO 1 interface. Rl should use 
DLC1 103 for its connection to R3 and R3 should uscDLCl 301 for its connects n to Rl. 
You should NOT disable LMls to accomplish this task. 



On Rl 

R! (c o n fig )# frame switching 

Rl(config)#intSO/l 

Rl(config-ii)#ip addr 200. 1. 1.1 255255.255.0 

Rl (config-ilVcncap frame-relay 
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Rl(config-if)#cIock rate 64000 

Rl (config-ii>frame map ip 200.1.1 J 103 
R](config-if)#l'rame interface did 301 

Rl (c on fig- if)#framc- relay in tl- type dec 

On K3 

R3(config-if)#int SO/1 

R3(config-if)#ip addr 200. 1. 1 .3 255255.255.0 
R 3 (c o n fig- if)#encap fram c- relay 
R3(config-it> frame map ip 200.1.1.1 301 

To verify and test the configuration: 
On Rl 



Rl#5how frame Imi ' B Num 

\um Status Enq. Rcvd 1 1 Num Status msys Sent 11 

Num Update Status Sent Num St Enq. Timeouts 

On K3 

R3"Sho\v frame- relay Imi I B Num 

Num Status Enq. Sent IS Num Status msys Revd 19 

Num Update Status Rcvd Num Status Timeouts 

Last Full Status Rcq 00:00:00 Last Full Status Rcvd QGfc0O:Q0 

R3"Show frame-relay pvc 301 

PV'C Statistics for interface ScrialOT (Frame Relay DTE) 

DLC1 = 301, DLC1 USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = 
ScrialO.T 



input pkts 3 
out bytes 520 
out pkts dropped 
in FECN pkts 
out BECN pkts 
out beast pkts 



output pkts 5 in bytes 102 
dropped pkts in pkts dropped 
out bytes dropped 
in BECN pkts out FECN pkts 
in DE pkts out DE pkts 
out beast bytes 
5 minute input rate bits sec, packcts'scc 
5 minute output rate bits' sec, packets sec 
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pvc create time 00:06:03, last time pvc status changed 00:02:42 

R3r*Show frame- relay map 

ScrialO/1 (up): ip 200.1.1.1 dlci 301(Oxl2D,0x48DO), static, 
CISCO, status defined, active 

R3*Fing 200.1.1.1 

Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echos to 200. 1.1.1, timeout is 2 seconds: 

III M 

Success rate is 100 percent (5/5), round-trip min/avg'max = 28/30/33 ms 



task 4 

Erase the startup configuration and reload the routers before proceeding to the next lab. 
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Lab 1 - On Demand Routine 




H 



SIMM 2 10.1.12.1 )24 
SIMM 3 10.1.13.1124 
SQ'D.U 10. 1.14.1. '24 



10.1.14.4,24 



/V 





~ 



10.1.13.3.24 SOfl.31 




< 



S0.'D.21 



10.1.122/24 




Lab Setup: 



> Configure all frame- relay connections in point to point manner, with Rl as the 

hub and R2 - R4 as the spoke routers. 

> L'sc the IP addressing chart below for IP assignment. 
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II J addt Lssinjj; 



Router 


Interface ■' IP address 


DLC1 


assignment 


Rl 


SO 0.12 = 10. I.P.I .PA 


102 






SO 0.1 3 =10.1.13.1/24 


103 






SO 0.14 = 10.1.14.1/24 


104 






LoopbackO =1.1.1.1 ft 






R2 


SO/0.21 = 10.1.12.2 '24 
LoopbackO =2.2.2.2 8 


201 




R3 


SO 0.31 =10.1.13.3/24 
LoopbackO =3.3.3.3/8 


301 




R4 


SO/0.41 =10.1.14.4/24 
LoopbackO =4.4.4.4 '8 


401 





I'ASk 1 

Configure ODR on the appropriate muter and ensure lull connectivity between the 
routers. 



On Rl 

Rl i'config)f* Router odr 
Rl#Sh ip route 

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP 

D - EIGRP, EX -E1GRP external, O - OSPF, I A - OSPF inter area 
XI - OSPF N'SSA external t>pc 1 , N2 - OSPF XSSA external type 2 
El - OSPF external type 1 , E2 - OSPF external type 2 
i - IS-IS, su - IS-1S summary, LI - IS-1S lcvcl-1, L2 - IS-1S lcvcl-2 
ia - IS- IS inter area., * - candidate default, L" - per- user static route 
o - ODR, P -periodic downloaded static route 

Gateway of last resort is not set 

C 1 .0.0. 0/8 is directly connected, LoopbackO 

o 2.0.0.0/8 |160/11 via 10.1.12.2, 00 : 00:20, Serial0/0.12 

u 3.0.0.0/8 1160/11 via 10.1.13.3, 00:00:18, SerialO/0. 13 
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4.0.0.0/8 |160/11 Via 10. 1.14.4, 00:00:35, Serial0/0.14 

10.0 .0.0/24 is subnet ted 3 subnets 
C [(XI. 1 4.0 is d ircctly connected, ScrialO/0. 14 
C ! ft 1 .1 3.0 is d ircctly connected, ScrialO'O. 13 
C I ft 1 .12.0 is directly connected, ScrialQ/0. 12 

R2*Show ip route 

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP 

D - E1GRP, EX -E1GRP external, O - OSPF, LA - OSPF inter area 
M - OSPF XSSA external type 1 , N2 - OSPF XSSA external type 2 
El - OSPF external type L E2 - OSPF external type 2 
i - 1S-1S, su - 1S-1S summary, LI - 1S-1S lcvcl-l,"L2 - 1S-1S lcvcl-2 
ia - IS- IS inter area, * - candidate default, L* - per- user static route 
o -ODR, P - periodic downloaded static route 

Gateway of last resort is 10.1.12. 1 to network 0.0.0.0 

C 2.0.0.0 8 is directly connected, LoopbackO 

1 0.0.0. 0/24 is subletted, I subnets 
C 10. 1 .12.0 is directly connected, ScrialO/0.2 1 
o* 0.0.0.0/0 1160/11 via 10.1.12.1, 00:00:28, SerialO/0.21 

R3r*Show ip route 

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP 

D - E1GRP, EX -E1GRP external, O - OSPF, IA - OSPF inter area 
M - OSPF XSSA external type I , X2 - OSPF XSSA external type 2 
El - OSPF external type I, E2 - OSPF external type 2 
i - IS-1S, su - IS-IS summary, LI - 1S-1S lcvcl-1, L2 - IS-1S lcvcl-2 
ia - 1S-1S inter area, * - candidate dctault, L' - pcr-uscr static route 
o - ODR, P - periodic downloaded static route 

Gateway of last resort is 10.1.13. 1 to network 0.0.0.0 

C 3.0.0.0 8 is directly connected, LoopbackO 

10.0.0. 0/24 i s su bn ctt cd, I sub nets 
C 1 0. 1 . 1 3.0 is d ircctly connected, ScrialO'O. 3 1 
o* 0.0.0.0/0 |160/11 via 10.1.13.1, 00:00:43, SerialO/OJl 

R4r*Show ip route 

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP 

D - E1GRP, EX -E1GRP external, - OSPF, LA - OSPF inter area 
XI - OSPF XSSA externa] type 1 , X2 - OSPF XSSA external type 2 
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El - OSPF external type I, E2 - OSPF external t>pc2 
i - [S-IS, su - 1S-1S summary, LI - IS-IS level- 1,*L2 - 1S-1S lcvcl-2 
ia - 1S-1S inter area. * - candidate default, L* - pcr-uscr statie route 
c - ODR, P - periodic downloaded statie route 

Gateway of last resort is 10.1.14. 1 to network 0.0.0.0 

C 4.0.0. 0/8 i s d i rcc t ly co n nee ted , Loo p b ac kO 

1 0.0.0. Q'24 is subletted, 1 subnets 
C 1 0. 1 . 1 4.0 is d ircctly connected, ScrialO/0.4 1 
o* 0.0.0 .WO |160/1] via 10.1.14.1, 00:00:45, Serial0/0.41 

R4*Ping 1.1.1.1 

Type escape sequence to abort. 

Sending 5, 100-bytclCMP Echosto 1. 1. 1.1, timeout is 2 seconds: 



Success rate is 100 percent (5/5), round-trip min/avg'max = 56/56/60 ms 

R4*Ping 2.2.2.2 

Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echosto 2.2.2.2, timeout is 2 seconds: 



Success rate is 100 percent (5/5), round-trip min/avg'max = 1 12/112/1 12 ms 

R4*Ping 3.3.3.3 

Type escape scqucnec to abort. 

Sending 5, 100-bytc 1CMP Echos to 3.3.3.3, timeout is 2 seconds: 



Success rate is 100 percent (5/5), round-trip min/avg'max = 1 12/113/1 16 ms 

ODR is a nice solution in a small hub and spoke scenario where the spokes are stub 
networks. ODR uses CDP as its transport. Ensure that the CDP versions match. 



Task 2 

Erase the startup configuration and reload the routers before proceeding to the next lab. 
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Lab 1 - RIPv2 and Frame-Relay 




SO/0.123 1 0.^1.1 At 



10.11.2 £4 SGrt> 





90-0 



10.1.1.3)24 




Lab Setup: 



Confgurc Rl lis I In: hub und routers R2 and R3 as the spokes. 

Configure all routers in a Frame-relay Multipoint manner. DC) NOT configure 
sub- interfaces on R2 or R3. Rl should be configured with a suh- interface in a 
multipoint manner. Use the broadcast keyword where necessary. 

Use the IP addressing chart below for IP assignment. 
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II* addressing: 



Router 


Interface/ IP address 


Rl 


SO 0.123 = 10.1.1.1 24 
Loopback0 = I.I. 1.1/8 


R2 


SOW =10.1.1.2/24 
LoopbackO = 2.2.2.2 8 


R3 


SO .0 = 10. 1 .1.3 24 

LoopbackO = 1 n - n - 1 /8 



1 ask 1 

Configure RlPv2 on all routers and advertise their directly connected interlaces in this 
routing protocol. Ensure that these routers have full NLRI to all the loopback interfaces 
advertised in this routing protocol. 



On Rl 

R I (con fig- ifjrrro titer rip 

Rl (config-routcr)#vcr 2 

Rl (config-routcr)#no au 

R 1 (config-rou tcr)#nct\v 1 0.0.0.0 

Rl (config-routcr.^netw 1 . 0. 0.0 

On R2 

R2 (con fig- iftrrro Liter rip 
R2(config-routcr)#no au 
R2(config-router)#vcr 2 
R2(config-rotitcr)#nctw 10.0.0.0 
R2 1 config-rou tcr)r#nct\v 2.0. 0.0 

On R3 

R3 (con fig- ifjrrro titer rip 
R3(config-rotiter)#oo au 
R3(config-routcr)r*\cr 2 
R3(config-routcr)#nct\v 1 0. 0. 0. 



CCIE R&i* bv Narbik KuL-harians 



Ad* ancL-d CCI E RA.S Uurk Book 2.0 

£ 2009 Varbik Kudu rum. All rijjhlj reserved 



Page 359 of 1068 



R3(config-routcr)#nctw 3.0.0.0 
'I'o verify the configuration: 

On Kl 

Rl#Sho\v ip route rip 

R 2 .0 .0 . 0/8 [ 120/ 1 J via 1 . 1 . 1 .2 , 00 :00 : 7 , Serial0/0 .123 
R 3.0.0,0/8 [120/1] via 10.1. 1.3, 00:00:15, SeriaK)/0.123 

On R2 

R2#Show ip route rip 

R 1 .0 .0.0/8 [ 120/ 1 J vi a 1 . 1 . 1 . 1 , 00 :00 :0 7 , Scrial0/0 

On K3 

R 3* Show ip route rip 

R 1 .0.0.0 8 [120/1 J via 1 0. 1 . 1 . I , 00:00:23, Scrial0/0 

Note the spoke routers do not see each others loopback interfaces: this is because of 
IP split horizon. If the hub router is configured in a multipoint manner using a sub- 
interface, then, the IP split horizon is ENABLED, whereas, if the hub is configured 
in a multipoint manner using the physical interface, then, the Split horizon is 
DISABLED, the following show commands will reveal this information: 

Note the following shows the sub- interlace SO/0.123 which is configured in a 
multipoint manner and it also reveals that IP split horizon is enabled . 

On kl 



RjgShow ip interlace SO/0.123 I Inc Split 

Split horizon is enabled 

The following command shows that S0/0 interface of R2 which is configured in a 
multipoint manner has its IP split horizon disabled. 

On R2 
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R2*Ship intSOO Inc Split 
Split horizon is disabled 

To resolve this problem: 

On Kl 

Rl(config)#int SO/0. 123 
Rl(config-subif)#\0 ip split-horizon 

10 verify the confiauratinn: 

On Rl 

Rl^Ship intsO 0.123 line Split 

Split horizon is disabled 
On R2 

RZfrShow ip route rip 

R 1 .0.0.0 8 [ 120/ 1 J via 1 0. 1 . 1 . 1 , 00:00: 1 2, ScrialO/0 
R 3 .0 .0 .0/8 [ 120/2 ] via 1 0. 1 . 1 3, 00 : : 1 2 , Scrial0/0 

On K3 

R 3" Show ip route rip 

R 1 .0.0. 0/8 [ 120/ 1 J via 1 0. 1 . 1 . 1 , 00:00:22, ScrialO/0 
R 2.0.0.0 8 [120/2] via 10.1. 1 .2, (0:00:22, Scrial0/0 



Task 2 

Ensure that every router can Ping every ioopback interface advertised in this routing 
domain. 



On R2 
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R2*Ping 3.3.3.3 

Type escape sequence to abort. 

Sending 5. 100-bytc 1CMP Echo a to 3.3.3.3, timeout is 2 seconds: 

Success rate isO percent ((1/5) 

On K3 
R3#Pbg 2.2.2.2 

Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echosto 2.2.2.2. timeout is 2 seconds: 

Success rate isO percent (0/5) 

Note even though the prefixes advertised are in every router's routing table, R2 and R3 
do NOT have reachability to each others loophack interlace: 

On R2 

R 2" Show ip route rip 

R 1 .0.0. 8 [ 120/ 1] via 10.1 . LI, 00:00: 12, ScrialO/0 
R 3.0.0.0.. 8 [ 120/2] via 10.1. 1 .3, 00:00: 12, Scrial0/0 



On K3 

R3f?Show ip route rip 

R 1 .0.0,0/8 [ 120/ 1 J via 1 0. 1 . 1 . 1 . (IJ#fl!22 s Scrial0/0 
R 2.0.0*0/8 [ 120/2] via 10.1.1 .2,1)0:00:22, ScrialO/0 

To t'iv thi. 1 problem: 

On R2 

R2(config)#Int SO/0 
R2(config-if)#Framc-rclay map ip 10. 1.1.3 20 1 

On K3 

R3(config^lnt S00 



Note the next hop IP address is set 
'Based on the originating router 
and NOT the advertising router 
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R3(config-if>Framc»rclay map ip 10. 1.1.2 301 
To test the configuration: 
On R2 

R^Ping 3.3.3.3 

Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echosta 3.3.3.3, timeout is 2 seconds: 

(MM 

Success rate is 100 percent (5/5), round-trip min/avgmax = 1 12/113/1 17 ms 

On K3 

R3*Ping 2.2.2.2 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echosto 2.2.2.2, timeout is 2 seconds: 

(MM 

Success rate is 100 percent (5/5), round- trip min/avg'max = 1 12/125/168 ms 






Task 3 

Remove the "no ip split-horizon" and the "Frame-relay map"' statements from R2 and 
R3 that was configured in the previous steps and ensure that R2 and R3 can ping each 
other's ioopback interlace. DC) NOT configure static routes or reconfigure Frame-relay to 
accomplish this task. Ensure that the next hop IP address is NOT changed and its still the 
IP address of the router that is originating the prefix. 






PPP ! s behavior is used to accomplish this task, when PPP is running on a link, the host 
(Peer neighbor's routes) is added to the routers routing table. 

On kl 

Rlfconfig^int SO/0. 123 

R 1 (config-subif)#ip split -horizon 

Rl(eonfig)#int SO 0.123 
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Rliconfig-subift^M) ip address 

RI(config-subif)#framc intcrtacc-dlci 102 ppp virtual -temp late 123 

Rl (config-fr-dlci)#framc interface-die i 103 ppp virtual-template 123 

R 1 (c o n fig-s ub if)#l ntcr v i rtual- temp late 1 2 3 

Rl (config-if)#ip address 1 0. I.I.I 255.255.255.0 

On R2 

R2(config)#intS0 

R2ieonfig-if)#NO ip address 

R2(config-if)?rframc intcrtacc-dlci 201 ppp virtual- Temp late 123 

R2 icon tig- if)#int virtual- temp late 123 
R2iconfig-if)#ip addr 10. 1.12 255255255.0 

On K3 

R3(config)#int SO 

R3iL-onfig-il>\() ip address 

R3 (eo nfig-if)# frame intcrtacc-dlci 301 ppp virtual- Temp late 123 

R3(config-if)#int virtual- temp late 123 
R3(config-it>ip addr 10. 1 . 1 .3 255255255.0 

To verify the configuration: 



On Rl 

R l^Show ip route rip 

R 2.0.0. 0/8 [ 120/ 1 J via 1 0. 1 . 1 .2, 00:00:08, Virtual- Access 1 
R 3.0.0. 0. 8 f 120/ 1 J via 1 0. 1 . 1 .3, GQ:0O:2O, Virtual -Access 2 

On R2 

Note the next hop IP address is NOT changed 
R2"Sho\v ip route rip / 

'he peer neighbor route added 
R 1 .0.0.0 8 [ 120/ 1 J via 10. 1 /J , 03:00:26, Virtual -Actress 1 
R 3. 0. .0 '8 1 1 2 0/2 1 \ i a 1 0. 1 . 1 .3 , 00 :0 : 2 6 AjPttraT^Acccss 1 

IO.O.O.G'8 is variably subnetted, 3 ^j.bnCts, 2 masks 
R 1 a 1.1 .3/32 1 120/1 1 via 10. L1J, 00:00:26, Virtual- Ace ess 1 
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On K3 

R3nShow ip route rip 

R 1 .0 .0 .0/8 [ 120/ 1 J via 1 . 1 . 1 . 1, 00 : : 6 , V irt ual - Access 1 
R 2.0.0.0/8 1 120/2| \ia 10.1.1.2, 00:00:06, Virtual- Access 1 

10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks 
R 1 0. 1 .1 .2/32 1 120/1 1 via 10. 1.1.1, 00:00:06, Virtual- Access 1 

To test thf configuration: 



On R2 



RZsPing 3.3.3.3 



Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echos to 3.3.3.3, timeout is 2 seconds: 



Success rate is 100 percent (5/5), round-trip miin/avg'max = 1 16/116/1 17 ms 

On K3 

R3*Ping 2.2.2.2 

Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echos to 2.2.2.2, timeout is 2 seconds: 



Success rate is 100 percent (5/5), round-trip min/avg'max= 1 12/114/1 16 ms 



Task 4 

Erase the startup configuration and reload the routers before proceeding to the next lab. 
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Lab 2 - RIPv2 Authentication 



LoO 




10.1.1.0/24 



10.2.2.0/24 




Lal> Set Lip: 

> Configure the FQ'O interface of Rl and R2 in VLAN 12. 

> Configure the FO/1 interface of R2 and R3 in VL AN" 23 
5* L'sc the IP addressing chart below tor IP assignment. 

II 1 aLkltTssinjj: 



LoO 



Router 


Interface ■ IP address 


Rl 


FOG =10.1.1.124 
LoopbackO= 1.1.1.1/8 


R2 


FU/0 =111.1.1.2/24 
FO/1 =10.2.2.2-24 

LoopbaekM = 2.2.2.2 ,'S 


R3 


FQ 1 = 10.2.2.3.24 
LoopbackO = 3.3.3.3/8 
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1 ask 1 

Configure RIPv2 on Rl and R2 und advertise their directly connected networks in this 
routing protocol. You should disable auto summarization when configuring RIP. 



On Rl 

Rl (c o n fig- if )#ro Liter rip 

Rl (config-routcr)#vcr 2 

Rl (config-routcr)#no au 

R 1 (config-routcr^nctw 1.0. 0.0 

R I (c o n fig-ro u tcr )#nctw 1 . 0. 0. 

On R2 

R2 (con fig- if)#ro Liter rip 
R2(config-routcr)n ! no aLi 
R2(config-router)r ! \'cr 2 
R2(config-rou ter)#nctw 1 0.0.0.0 
R2(config-routcr)#nctw 2.0. 0.0 



To verify thi' configuration: 



On Rl 

Rl^Show ip route rip 

R 2.0.0. 0'8 [ 120/ 1 J via 1 0. 1 . 1 .2, 00:00: 1 5, FastE thcmctO 

10.0.0.0/24 is subnetted, 2 subnets 
R 1 0. 2 .2 .0 [ 120/ 1 J via 1 . 1 . 1 . 2, 0:0 0:27, Fas t E thcrnetO/0 

On R2 

R2#Show ip route rip 

R 1.0.0.0 8 [120/1 J via 10.1.1.1,00:00:16, FastE thcmctO 
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Task 2 

Configure clear text RIPvZ authentication between Rl and R2. L'sc "cisco"as the 

password for this authentication. 






On Both Routers 

(config)#Kcy chain TST 
(config-kcychain)#kcy 1 
(config-kcychain-kcy)#key -string cisco 

(config-kcychain-kcy)#mt fD'O 

I con±ig-if)nip rip authentic at ion key-chain TST 

To verifv the configuration: 

On kl 

Rl#Show ip route rip 

R 2.0.0.0/8 [ 120/ 1 J via 1 0.1.1 .2, 00:00:0 1 , FastE thcrnctO. 

10.0.0.0724 is subnet ted, 2 subnets 
R 1 0.2 2 .0 [ 120/ 1 J v ia 1 . 1 . 1 . 2, 0:0 : 1 , Fas tE thcrnct0/0 

Note in RIPvl there are two types of authentication. Clear text and MD5. In RIP\2 
clear text authentication the key numbers do not need to match, meaning that Rl 

can use one key number and R2 can use a totally different one. 






Task 3 

Configure RIP v2 \-1D5 authentication between R2 and R3. these routers should use 
"ciseo23" as the password for this authentication. 






On k3 

R3 ( c o n fig-s ub if )#ro Liter rip 
R3 (con fig -router)?* no au 
R3(config-routcr)#vcr 2 
R 3 (c o n fig-ro u tcr)#nctw 10.0. 0. 
R3i;config-routcr)*nct\v 3.0. 0.0 
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On Routers R2 and R3 

(config)#kcy chain I S I 23 
(config-kcychairi^kcy 1 
(config-kcychain-kcy)#kcy-!itring cisco23 

(config^intfnT 

(config-if)#ip rip authentication key -chain I SI 23 

(config-if)#ip rip authentication mode md.5 

To verify the configuration: 

On R2 

R2* ! Sh ip route rip 

R 1.0.0.0/8 1120/11 via 10.1.1.1, 00:00:20, FastEthernetO/0 
R 3.0.0.0/8 |120/11 via 10.2.2.3, 00:00:16, FastElhernetO/l 

Note when configuring MD5 authentication, the passivords and the key numbers 
.MUST match on both routers, or else the routers will not exchange muting updates. 






Task 4 

Configure R2 such that it receives all routes from R3, whereas. R3 ignores v2 packet s 
from R2 ( 10.2.2.2). DC) NOT use any filtering, offset-list, route-maps or passive-interface 
to accomplish this task. 








In this case the behavior of MD5 authentication is used to accomplish this task, in 
RIPv2 MD5 authentication if the key numbers do NOT match, the router with a 
higher key number will receive all the routes and it will populate the received routes in 
its routing table, whereas, the router that has a lower key number will totally ignore 

all routes received from the other router. 

On R2 

R2(config)#No key chain TST23 

The key number of R2 is 2, whereas, the key number 

R2(config)#kcy chain TST2J..--' R3 is f. 

R2 (c o n fig-k c yc h ai n )#key 2 
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R2(config-kcychain-kcy)#kcy-string cisco23 

On K3 

R3*Show key chain TST23 

Key-chain T5T23: 

key 2 - text "cisci^" 

accept lifetime (always valid) - (always valid) [valid now] 
send lifetime (always valid) - (always valid) [valid now] 

To test the configuration: 

On K3 

R3#Show ip route rip 
R3# 

On R2 

RZg&how ip route rip 

R 1.0.0.0/8 [I20/1| via IflL 1.1.1, 00:00:18, FastEthernetO/0 

R 3.0.0.0/8 [120/1 1 via 10.2.2.3, 00:00:27, FastEtlienietO/1 

Note R2 will receive and process the routes, whereas, R3 will reject the routes because 
the kev numbers do not match and its kev number is hmer than R2's kev number. 



Task 5 

Erase the startup configuration and reload the routers before proceeding to the next lab. 
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Lab 3 - Advanced RIPv2 Mock Lab 



Logical Topology 



L01-1 




L0&1 



FO/O 



10.1.111.111,24 



-.c11.--i1.1y2d 



FO/O 



1 0.1.1 000.24 



10.1.13/24 



FO.O 



FO/O 10.1,' 133 ,24 





.112 Fflyo 
iai.n2joy24 




.21 


W^'^F 


FO/1 


.2 




10.1.240.24 


4 


FOX) 





socms 1 so/Me 

-us .106 
/24 
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IP Addressing chart: 








Router 


Interface 


Connecting to: 


IP Address 




Rl 


SO 0.12 


R2 


10.1.12.1 24 






SO 0.1 3 


R3 


10. 1.13.1 24 








SO 0.14 


R4 


10.1.14.1 ,24 








SO 1 


R: 


10.1.100.1 ,'24 








FO/0 


BBI 


100.1.1 I I.I 24 




\U 


SO/0.21 


Rl 


10.1.12.2 ,'24 






FO/0 


BBI 


10.1.112.2/24 








F0 1 


R4 


10.1.24.2/24 




R3 


SO, 0.31 


Rl 


10.1.13.3 24 






SO/1 


Rl 


10.1.100.3/24 








FO/O 




10.1.3.3 24 




R4 


SO/0.41 


Rl 


10.1.14.4 '24 






SO/0.45 


R5 


10.1.45.4 /24 








SO. 1 0.4 6 


R6 


10.1.46.4/24 








FO/0 


R2 


10.1.24.4 ,'24 




1^5 


SO 0.54 


R4 


10.1.45.5 24 






FO/0 


R6 


10.1.56.5,24 




R6 


SO'0.64 


R4 


10.1.46.6 '24 






FO/0 


R5 


10.1.56.6 ,'24 




BBI 


FO/0 


Rl 


10.1.111.111 ,'24 






Lol 




101.0.0.111 8 








Lo2 




102.0.0.111 9 








Lo3 




103.0.0.111 .iO 








Lo4 




104.0.0.111 /ll 








Lo5 




105.0.0.111 /14 








Lo6 




106. 1.1.33 ,'27 








Lo7 




107.1.1.1 I 1 /25 








Log 




108.1.1.65 26 








Lo9 




1 09. 1 .4. 1 1 1 /22 








Lo 1 




110.1.1.17/28 




BB2 


FO/0 


R2 


10.1.1 12.1 12, '24 






I.oO 




112.1.1.1 /24 








Lol 




112.2.2.2 ,'24 




BB3 


E0 




10. I.I 13.3/24 
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Lab Setup: 



VLANs: 



BB1 and Rl's FO'O interface should be configured in VLAN 1 1 I 

BB2 and R2's F'0/0 should be configured in VLAN" 1 12 

R2 : s F071 and R4's FQ'O interlace should be configured in VLAN 24 

BB3's EO. ■'0 should be configured in VLAN" 1 1 3. 

R3's F0 interface should be configured in VLAN 3 

R5 and R6 should have their FQ'O interface in VLAN 56. 



l-'rame-rchiv: 

• R4 should be configured with two sub- interfaces in a point-to-point manner, one 
connecting R4 to R5 and the second one connecting R4 to R6. 

• R5 and R6 should each be configured with a single point-to-point sub-interface 

co fine cum lo R4. 

• The frame-relay connection between Rl. R2. R3 and R4 should be configured in a 
hub and spoke manner as follows: 

Rl should be configured with three point-to-point sub-interfaces 
connecting it to routers R2. R3 and R4. 

Routers R2. R3 and R4 should each be configured with a point-to- 
point iramc>rclay connection to Rl . 



Trunk connection between the switches: 

SW- 1 and SW-2 should be connected to each other via ports F0/1 9 and F0/20 forming an 
1SL taink. 
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Task 1 

Configure RlPv2 on the routers and advertise their directly connected interfaces in this 
routing domain. 



On All Routers 

(©OnfigJ#Ro Liter rip 
( c o nil g-rcmt er) r* No au 

(eoniig-rauter)#Vcr2 

j config-rautcr'^Nctwork 1 0. 0. 0.0 
On Rl 

R 1 (c o n fig)# Ro u tcr rip 

R 1 (conilg-rou tcr)#Network 1 00.0.0.0 

On R6 

RoftShow ip route rip 

100.0. 0.0/24 is subnetted, I subnets 
R 1 00. 1.1 1 1.0 [120/2] via 10. 1 .46.4 00:00:02, ScrialO/0.64 

10.0.0.0/24 is subnet ted, 9 subnets 
R 1 0. 1 .14.0 [120/1 J via 10. 1.46.4, 00:00:02, ScrialO 0.64 
R 10. 1.13.0 [120/2] via 10.1.46.4, 00:00:02, ScrialO 0.64 
R 10. 1.12.0 [120/2] via 10.1.46.4, 00:00:02, ScrialO/0.64 
R 1 0. 1 .3.0 [ 120/3] via 10. 1 .46.4, 00:00:02, ScrialO 0.64 
R I ft 1 .24.0 [120/1] via 10. 1.46.4, 00:00:02, ScrialO 0.64 
R I ft 1 .45.0 [120/1] via 10. 1.56.5, 00:00:0 1 , FastEthcrnctO/0 

[120/1] via 10.1.46.4, 00:00:02, ScrialO/0.64 
R I ft 1.11 2. [ 1 2 0/2 ] via 1 . 1 . 46 . 4, 00 : : 02 , Serial 0-0 . 64 



Task 2 

Set the RlPv2 timers on all routers to be twice as much as the default value lor update, 
invalidation timer, ho id down, and Hush timer. 
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To find out the default parameters: 

On kl 

Rl#Show ip proto Inc Send lnva.;d 

Sending updates every 30 seconds, next due in 23 seconds 
Invalid after 180 seconds, hold down 180, Hushed after 240 

On All Routers 

(config)#Ro utcr rip 
Timers Basic ? 

<0-4294967295> Interval between updates 
Rl(config-roLitcr)rrtimcrs bask 60 ? 
<I-429*967295> Invalid 

R I iconl1g-routcr)#timers basic 60 360 1 
<0-4294967295> Holddcmn 

Rl(config-routcr)r#timcrs basic 60 360 360 7 
<l-4294967295> Flush 
Rl(config-routcr)#timcrs basic 60 360 360 480 
On All Routers 
(config-routcr)#Timcrs basic 60 360 360 480 



Task 3 

1 n order to avoid collisions. R6 should delay a regular periodic updates by up to 1 00 
milliseconds. 



On K6 

R6i;config-routcr)#Tirncrs basic 60 360 360 480 100 ^ This is the sleep timei 
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Task 4 

R5 and R6 should suppress a flash update if the regular update is due in 10 seconds or 
less. 








On R5 and K6 

(config)#ro Liter rip 

(contig-ro Liter)?* flash- up date- threshold 10 

The Flash-update-threshold command suppresses flash updates when the arrival of 
a regularly scheduled periodic update matches, or is less than the number of seconds 
that is configured, in this case 1(1 seconds. The range is (1 — 3(1 seconds. 
The above configuration configures both routers to suppress a flash update, if the 
regular periodic update is due in 1(1 seconds or less. 

To verity the configuration: 

Rx^Show ip protocols 

Routing Protocol is "rip" 

Outgoing update filter list for all interfaces is not set 
Incoming update filter list tor all interfaces is not set 
Sending updates every 60 seconds, next due in 35 seconds 
Flash update is suppressed when next update due within 10 seconds 
Invalid after 360 seconds, hold down 360, flushed after 480 
(The rest of The output is omitted) 






Task 5 

The link between R4 ^--^ R5. R4 < — ^ R6 should use authentication when exchanging 
routing updates, the password for this authentication should be set to "cisco : \ these 
routers should use the strongest authentication method available in RIPvZ. 








On R4. R5 and R6 

(configWkcy chain TST 
(c o lijfig-k c ye h ai n)#kcy 1 
(co nfig-k c ye h ai n- k c y )# k cy -stri ng c i sco 
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On R4 






R4(config)#int SOMAS 
R4(config-if)#ip rip authentication 
R4(config-if)#ip rip authentication 


key-chain TST 
mode md5 


R4(config)#int S0.fl.46 
R4(config-if)#ip rip authentication 
R4(config-if)#ip rip authentication 


key-chain TST 
mode md5 


On R5 






R5i;config)#intS0 0.54 

R5(config-if)#ip rip authentication key-chain TST 

R5(config-if)#ip rip authentication mode md5 


On K6 






R6(config)#int SOU 64 
R6(config-if)#ip rip authentication 
R6(config-if)#ip rip authentication 


key-chain TST 
mode md5 


To verily the configuration: 






On R4 






R4#Show ip protocols Inc Interface TST 




Interlace Send Rccv Triggered RIP 
SeriaH)/0.45 2 2 
SerialO/0.46 2 2 


Key -chain 

1ST 

TST 



Task 6 

Rl is configured with RIPvZ and it's advertising its directly connected networks. Ensure 
that Rl receives 10 routes fromBBI. DC) NOT con figure tunnel,, secondary IP 
addressing tor this task. Ensure that Rl has reachability to all the networks advertised by 
BB 1 ; you arc allowed one static route to accomplish this task. 
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On kl 

R 1 (c o n figure u t cr rip 

R 1 (c o n fig-ro u t cr) 3 no v a I id a te- up d at e- sou r c e 

RIP and IGRP are the ONLY two muting protocols that validate the source IP 
address of incoming updates. 

Before RIP and' or IGRP routing protocols accept routes from a given neighbor, they 
want to make sure that the source IP address of the advertising router is fmm the 
same IP address space as the link that the two routers are connected to. If the routers 
that have to exchange routing information are from different IP address spaces, then 
the source validation should be negated using "no validate- up date -sou nee" 

To Verify the con ft aura titm: 
On Kl 

R IfShow ip route rip Inc 1 0. 1 . 1 1 1 . 1 1 1 



R 1 01 0.0.0 [ 120/ 1 1 via 1 0. 1 . 1 1 I . I 1 1 , 00:00: 1 2 

R 1 03. 0.0.0 [ 120/1 J via 1 0. 1 . 1 1 I . I I L 00:00: 1 2 

R 101.0.0.0 8 [120/1] via 10.1.1 11.111, 00:00:12 

R I 1 0. 1 . 1 . 1 6 [ 120/1 ] via 1 0. 1 . 1 1 1 . 1 11 , 00:00:12 

R 108.1.1.64 [120/1 J via 10.1 . 1 1 1 . 1 1 I, 00:00:12 

R 1 09. 1.4.0 [120/1 J via 10.1. II 1.1 11,00:00:12 

R 1 06. 1 . 1 .32 [ 120/1 ] via 1 0. 1 . 1 1 1 . 1 1 1 , 00:00: 12 

R 1 07. 1 .1.0 [ 120/1 J via 1 0. 1 . 1 1 1 . 1 1 1 , 00:00: 1 2 

R 1 04.0.0.0 [ 120/1] via 10. 1. 1 1 1 . 1 1 1 , 00:00: 12 

R 1 05.0.0.0 [120/1 J via 10. 1. 1 1 I . I 1 1 , 00:00:12 

Note, even though the networks are in the routing table of Rl, they are NOT 
reachable, because Rl does NOT have NLRI (Network Layer Reachability 
Information) to the next hop IP address (10.1.11 1.1 1 1) that is advertised. In order to 
provide reachability, the following static route is configured. 

On kl 



Rl (config)#]P route 1 0. 1 . 1 1 I . I 1 1 255.255.255.255 F0/0 
To test and verify the configuration: 
On kl 
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Rl#Piijg 101. 0.0.1 1 1 

Type escape sequence to abort. 

Sending 5, 100-bytc [CMP Echosto 101.0.0. Ill, timeout is 2 seconds: 

MM 

Success rate is 80 percent (4/5), round -trip min/avg/max = 1/1/4 ms 
Rl*Ping 110.1.1.17 

Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echosto 110. LI. 17, timeout is 2 seconds: 

MMI 

Success rate is 100 percent (5/5), round-trip min/'avg'max = 1/2/4 ms 






I ask 7 

Configure Rl such that only the existing and future prefixes with prefix -length of/1 to 
/26 arc allowed in RTs routing tabic. Rl should receive these routes from BBI and BBI 
ONLY. Do not use neighbor command to accomplish this task. 








(Jn kl 

The following pre fix-list identifies the existing and the future routes that have a 
prefix-length of/10 through .'26: 

Rl(config)#lP prefix-list NET seq 5 permit 0.0.0.11/0 ge 10 le 26 

The following pre fix- list identifies the BBI router: 

Rl(config)#lP prefix-list BBI seq 5 permit 10.1.111.111/32 

R 1 (c o n fig)# Ro u t cr rip 

Rli;eonfig-roLitcr)#Distrihute-lisl prefix NET gateway BBI in F0/0 

To test and verify the configuration: 

(Jn kl 

Rl#Sho\vip route inc 10.1. 111.111 
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R 


] 03.0.0.0 [120/1 J via 1 0. 1. 1 1 I.I IK 00:00:25 


S 


10. 1. 1 1 1 . 1 1 1/32 is directly connected, Fast Ethernet 0/0 


R 


1 08. 1 .1 .64 [120/1 ] via 10.1 . 1 1 1 . 1 1 1 , 00:00:25 


R 


109. 1.4.0 [120/1 J via 1 0. 1. 1 1 1 . 1 I 1 , 00:00:25 


R 


107. 1.1.0 [120/1 J via 1 0. 1. 1 1 I . I I L 00:00:25 


R 


104.0.0.0 [120/1 J via 10. 1. 1 1 1. 1 1 1, 1)0:00:25 


R 


1 05.0.0.0 [120/1 J via 1 0. 1. 1 1 1 . 1 1 L 00:00:25 



Task8 

Configure Eigrp 100 on R2, and advertise it's link to BB2, if this configuration is done 
properly, R2 should receive two routes from BB2. 



On R2 

R2(config)#Routcr eigrp 100 

R2 (c o n fig-ro u t cr)# No au 

R2iconfig.ro Liter)* Net work 1(1.1.112.2 0.0.0.0 

To test and verify the unitimirtttion: 

On R2 

R2#Show ip route eigrp 

112.0.0.0/24 is subnetted, 2 subnets 
D I 1 2.2.2.0 [90 1 56 1 60J via 10.1.112.112, 00:04:52, FastEthcrnctO'O 
D 1 12.1.1.0 [90 156 160 J via 10.1.112.112, 00:04:52, FastEthcrnctO'O 



Task 9 

R2 should be configured to inject a default route into RlPv2's routing domain as long as 
anyone of the two networks arc in it's routing table. 



On R2 
















R2(config)* 


Al'L'L'SS 


-list 1 


pel 


mit 112. 


1 


.1.00.0.0 


255 
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RZiconfig^Access-list 1 permit 112.2.2.110.11.0.255 

R2(config)r*Route-map 1ST permit 10 
R2[eonfig-routc-map)#Mateh ip addr 1 

R2(config)n Router rip 

R2(config<outcr)rl)efauIt-infomiation originate route-map 1ST 

To vcrifv the configuration: 

On R6 

R6*Show ip route dp ' inc 0.0.0. 

R* (UUUI/0 1 120/21 via 10. 1.46.4, 00:00:50, SerialO/0.64 






[ask Ml 

Rl should be configured such that R4 docs not advertise the allowed networks from BB1 
to its down stream neighbor's. 






On Rl 

R 1 (config^Access-list 1 permit 103.0.0.0 0.63.255.255 

Rl(config)#Act:ess-list 1 permit 104.0.0.0 0.31.255.255 
Rl(conng>Aecess-list 1 permit 105.0.0.0 0.3.255.255 
Rlfconfig^Access-list 1 permit 107.1.1.0 0.0.0.127 
Rlieonfig^Aecess-list 1 permit 108.1.1.64 0.0.0.63 
Rlfconfig^Access-list 1 permit 109.1.4.0 0.0.3.255 

R 1 (config)r ! RoLitcr rip 

Rl(config-routcr)rK)ff'set-list 1 out 12 SerialO 0.12 
Rlfconfig-routcr^OfYset-list 1 out 13 SerialO 0.14 

R2*Show ip route B Gateway 

Gateway of last resort is not set 

103.0.0.0/10 is subnetted, I subnets 
R 103. 0. 0. 1 120/1 4 1 v ia 1 . 1 . 1 2 . 1 , 00 :0 :44 , ScrialQ'O 2 1 
100.0.0.0/24 is subncttctl 1 subnets 
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c 


1 LI. 


R 


10. 


R 


10. 


c 


10. 


R 


10. 


R 


10. 


R 


10. 


C 


1 (1. 



R 100.1.1 1 1.0 [120/1] via 10.1.12. I, 00:00:44, Scria!0/0.21 

112.0.0.0/24 is subnetted, 2 subnets 
D I 12.2.2.0 [90/ 1 561 60 j via 10.1. 1 12. 1 12, 00:21:23, Fast Ethernet 0/0 
D 1 12.1.1.0 [90. 156160] via 10.1.112.112,00:21:23, FastEthcrnetQO 

10.0.0. 0'8 is variably subnetted, 10 subnets, 2 masks 
R 10. 1.14.0 24 [120/1 J via 10. 1.24.4, 00:00:02, FastEthcrnctO 1 

[120/1 J via 10.1.12.1, 00:00:44, ScrialO'0.21 
R 10.1.13.Q.'24 [120/1 J via 10.1.12.1, 00:00:44, ScrialO/0.21 
.12.0/24 is directly connected, ScrialO/0.21 
.3.0/24 [120/2] via 1 0. 1.12.1, 00:00:44, ScriaKl'0.2 1 
Ol 1.1 1 1.11 1 32 [ 120/ 1 J via 10. 1 . 12. 1, 00:00:44, Scrial0/02 1 
.24.0/24 is directly connected. Fast Ethernet 0/1 
46.0/24 [120/1 J via 10.124.4, 00:00:02, FastEthcractO 1 
45.0'24 [120/1 J via 10.124.4, 00:00:03, FastEthcractO I 
.56.0'24 [120/2] via 10.1.244, 00:00:03, FastEthcractO 1 
. I 1 2. 0/24 is directly connected, FastEthcrnctO 
108.0.0.0/26 is subnetted, "l subnets 
R 1 08. 1. 1.64 [12 0/ 1 4 1 v ia 10.1.12.1, 00: 0:46, ScrialO/ .2 1 

109.0.0.0/22 is subnetted I subnets 
R 109. 1.4. 1 120/141 via 10.1.12.1,00:00:47, ScrialO/021 

107.0.0.0/25 is subnetted, I subnets 
R 107.1.1.0 [120/14] via 10.1.12.1, 00:00:47, ScrialO. 0.21 

104.0.0.0/11 is subnetted, I subnets 
R 104,0.0.0 [120/14| via 10.1.12.1, 00:00:47, Scrial0.'0.21 

105.0.0.0/14 is subnetted. I subnets 
R 1 05.0.0. (1 1 120/141 via 10.1.12.1,00:00:47, ScrialO/021 

Note R2 has a cost of 14 hops, these networks are advertised to R4 «ith a hop count 
of 15, \>hich means that R4 can not advertise these networks to any other router. 

On K4 

R4^Show ip route Inc 15 

R 1 03.0.0.0 [120/15] via 10.1 .24.2, 00:00:06, FastEthcrnctO/0 

[120/15] via 10. 1.14.1, 00:00:32, Scrial0,0.41 
R 108. 1 . 1 .64 [ 120/1 5] via 10. 1 .24.2, 00:00:06, Fast Ethernet 0/0 

[12Q'l 5] via 10.1 . 14. 1 00:00:32, ScrialO'0.41 
R 109.1.4.0 [120/15] via 10.1.24.2, 00:00:06, FastEthcrnctO 

[120/1 5] via 10. 1.14.1, 00:00:32, ScrialO'0.41 
R 1 07. 1.1.0 [120/15] via 10.1 .24.2, 00:00:06, FastEthcrnctO 

[120i5] via 10.1.14.1, 00:00:32, ScrialO/0.41 
R 104.0.0.0 [120/15] via 10.1 .24.2, 00:00:06, FastEthcrnctO'O 

[120i5] via 10.1.14.1, 00:00:32, ScrialO'0.41 
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R 1 05.0.0.0 [ 120/ 1 5 J via 10.1.24.2, 00:00:0 6, FastEthcmctO 
[120/15] via 10.1.14.1, 00:00:32, ScrialQ/Q.4l 






Task 1 1 

Rl and R3 should be configured such that periodic RIPvZ updates arc suppressed over 
the frame- relay connection between them. These routers should only send updates 
through the frame-relay connection if there is a topology change. 






On kl 

Rl(config)#]ntSO.O.I3 
Rlfconfig-routcrYirlp rip triggered 

On R3 

R3(config)#]nt SO. 0.31 
R3(config-if)#lp rip triggered 

Note this command works on all point-to-point and some multipoint links. 






Task 12 

Configure R2 and R4 such that they exchange updates using L'nicast. 






On R2 

R2(config)# Router rip 

R2 ( c o n fig-ro u t cr ) #P ass ivc- in tcrface FO/ 1 

R2i:config-router)#\cighbor 10.1 .24.4 

On R4 

R4 (con fig)* Router rip 

R4 ( c o n fig-ro u t cr ) ^P ass ive- in tcrfac c FO. 

R4i:config-routcr)r*Xcighbor 1 0. 1 .24.2 
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Note if the "passive- interface" command is not used, the routers \rill send both 
Unicast and Multicast updates to each other. 






[ask 13 

Configure R5 and R6 such that they exchange version 2 updates using Broadcast. 






On R5 and R6 
Ccomfigpiit FQ'O 

(config-if)#lp rip v 2 -broad cast 

To test and verity the configuration: 

On K6 

R6#Dcbug ip rip 

RIP: sending v2 flash update to 255.255.255.255 via FastEthcrnctO (10. 1.56.6) 






Task 14 

Configure the following Loopbaek interfaces on R3 and advertise a single summary route 
into the RIP routing domain: 

Loopbaek 1 = 1 50. 1 .0.3 /24 
Loopbaek 2= 150. 1.1.3 24 
Loopbaek 3= 150.1.2.3 24 
Loopbaek 4= 150.1.3.3/24 






On R3 

R3(config)#]ntLol 

R3(config-ifyip address 150.1.0.3 255.255.255.0 

R3i;config^lnt k)2 

R3iconfig-if)# lp address 150. 1.1.3 255.255.255.0 
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R3(config')#]nt k)3 

R3(config-if)*]p address 150. 1 .2.3 255.255.255.0 

R3(config)#Int k)4 

R3(config-it>lp address 150. 1.3.3 255.255255.0 

R 3 iconfig)* Router rip 

R3 (co n fig-ro u tcr)#S"ct\vo rk 1 5 . 1 .0.0 

R3(config)MntS0/0.31 

R3(config-it>lp summary -ad dress rip 150.1.0.0 255.255.252.0 

R3(config)#]nt SO/1 

R3iconfig-il>lp sum man -address rip 150.1.0.0 255.255.252.0 

To test and verily the configuration : 

On Rl 

Rl^Show ip route rip 

103.0.0.0/10 issubnetted, I subnets 
R 1 3. .0 .0 [ 1 20/ 1 J via 1 . 1 . 1 1 I . I I I , 00: : 5 

10.0.0.0/8 is variably subnetted, 11 subnets. 2 masks 
R 10. 1.3.0/24 [12*0/1] via 10.1 . 100.3, 00:00:39, ScrialO/1 

[120/1 j via 10.1.13.3, 00:00:56, ScrialO/0.13 
R I ft 1 .24.0 24 [ 120/1 j via 10.1 . 14.4, 00:00:33, ScrialO/0. 14 
[120/1 J via 10.1.12.2, 00:00:49, SeriaKJ/0.12 
R i ft 1.46. 24 [ 120/ 1 J via 1 . 1 . 1 4 .4 , 00 :00 : 3 3 , Scria 10/0 . 1 4 
R I ft 1 .4 5 jQ/24 [ 120/ 1 J v ia 1 . 1 . 1 4 .4 , 00 :00 :33, Scria 10,0 . 1 4 
R I ft 1 .56.0/24 [ 120/2] via 1 0. 1. 14.4, 00:00:33, SerialO/0. 1 4 
R 10. 1.1 12.0/24 [120/1 J via 10.1.122, 00:00:49, ScrialO/0.12 

108.0.0.0 '26 is subnettcd, I subnets 
R 108.1.1.64 [120 1] via 1 0.1 . 1 1 1 . 1 1 1, 00:00:05 

10 9. 0.0 .0/22 is sub netted, I subnets 
R 109.1.4.0 [120/1 J via 10. 1. 1 1 1. 1 I L 00:00:05 

107.0.0.0/25 is subnettcd, I subnets 
R 107.1.1.0 [120/1 J via 10. 1. 1 1 1. 1 1 I, 00:00:05 

104.0.0.0/11 is subnettcd, I subnets 
R 1 04.0.0.0 [120/1 J via 10. 1. 1 1 I . I 1 1 , 00:00:06 

150. 1.0.0/22 is subnettcd, I subnets 
R 150.1.0.0 1 120/11 via 10.1. 100.3, 00:00:40, ScriaKLi 
1120/11 via 10.1.13.3,00:00:57, ScrialO'0.13 

105.0.0.0/14 is subnettcd. 1 subnets 
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R 1 05.0.0.0 [ 120/1 J via 10.1.111.111, 00:00:08 

R* 0.0.0.0 [1 20/1] via 1 0. I.I 2,2, 00:00:51, ScrialO/0. 1 2 






Task 15 

Rl is a high speed router sending updates to R3 which is a low speed router. Because of 
this fact, R3 is not be able to receive and process updates at the rate that Rl operates. 
Configure Rl such that when it has multiple RIP packets to send to R3,, it waits 1.0 
milliseconds between the packets. To further remedy these situations, configure R3 to 
increase its unprocessed RIP input queue depth to 75 packets. 






On Rl 

R 1 (con fig )#Ro titer rip 

R 1 ( c o n tig -ro u t cr ) r* ou t put ■ d el ay 1 1) 

The above configuration will help 113 from losing routing information, because this 
command introduces a delay of 1(1 milliseconds between packets in a multiple packet 
RIP updates. By default there is no inter-packet delay and the range for this timer is 
(8 - 50 milliseconds). 

On R3 

R3(contlg)#Routcr rip 
R3(config-router)#input-queue 75 

This command will also help to prevent muting information from being lost. The 
value specifies the depth of the input queue, the larger the value, the larger the 

depth of the queue. The range is (0 — 1024) and the default value is 50. 




cc 


Task 16 

Configure R6 with the following 10 Loopback interfaces. R6 should be configured to 
advertise these Loopback interfaces in RIP routing domain. 

Configure R6 such that R4 receives the EVEN routes from R6 and the ODD routes from 
R5. Whereas, R5 should receive the ODD routes from R6 and the EVEN numbered 
routes fromR4. You should use an ace ess- list with minimum number of lines to 
accomplish this task. 
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Loopback = 160. 1.0.6 24, Loopback 1 = 1 60.1 . 1.6 /24 s Loopback 2 = 1 60.1.2.6 24 
Loopback 3 = 1 60. 1 .3.6 24, Loopback 4 = 1 60.1.4.6 24 r Loopback 5 = 1 60.1.5.6 24 
Loopback 6 = 1 60. 1 .6.6 24, Loopback 7 = 1 60.1.7.6 /24 r Loopback 8 = 1 60.1 .8.6 .24 
Loopback 9 = 160.1.9.6/24. 



On R6 

R6(config)#Int b0 

R6(config-it>]p address 160. 1.0.6 255.255255.0 

R6(corifig')#Int lol 

R6(config-ity lp address 160.1.1.6 255.255.255.0 

R6i;config^Int k>2 

R6(config-il>]p address 160. 1 .2.6 255.255.255.0 

R6i;config^lnt k)3 

R6i;config-if)#]p address 160. 1.3.6 255.255255.0 

R6iconfig)#Int k)4 

R6(config-ir)#lp address 160. 1.4.6 255.255255.0 

R6 (con fig')#] nt k>5 

R6iconfig.il>] p address 160.1.5.6 255.255255.0 

R6(config')#]nt Jo 6 

R6(con%-il>lp address 160. 1.6.6 255255.255.0 

R6(config)#]nt k)7 

R6(config-il>lp address 160.1.7.6 255255255.0 

R6(config)#Int k)8 

R6(config-it> lp address 160.1.8.6 255255255.0 

R6(config)#Int lo9 

R6fconfig-it>lp address 160. 1.9.6 255.255255.0 

On R6 

R6(config)#Acccss-list 1 permit 160.1.1.0 0.0.254.255 
R6(config)#Access-list 2 permit 160.1.0.0 0.0.254255 

R6(coniig)#Routcr rip 
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R6(config-routcr)#Offset-list 2 out 15 FastEthcrnctQ'O 




R6 (c o n fig-ro u ter)#Q ffsct- 1 isrt 1 out 1 5 Scri alO/O .64 




R6(config-router)# Network 160. 1.0.0 




I o verify and test the configuration: 




On R4 




R4#Sh ip route rip 1 nc 1 0. 1 .46. 6 




R 1 60. 1 .0.0 [ 120/1 j via 1 0. 1.46.6, 00:00:29, ScrialQ'0.46 




R 1 60. 1 .2.0 [ 120/1 J via 10. 1.46.6, 00:00:29, ScrialO/0.46 




R 1 60.1.4.0 [120/1 J via 10. 1.46.6, 00:00:29, ScrialO'0.46 




R 160.1.6.0 [ 120/1 J via 10. 1.46.6, 00:00:29, ScrialG'0.46 




R 160.1.8.0 [120/1 J via 10. 1.46.6, 00:00:29, ScrialO/0.46 




R 10. 1 .56.0/24 [120/1 J via 1 0. 1 .46.6, 00:00:29, SerialO/0.46 




R4#Sh ip route rip Inc 10.1 .45.5 




R 1 60. 1 . 1 .0 [ 120/2] via 1 0. 1.45.5, 00:00:5 1 , SerialQ.'0.45 




R 1 60. 1 .3.0 [120/2] via 10.1.45.5, 00:00:51 , ScrialO'0.45 




R 1 60. 1 .5.0 [120/2] via 10.1.45.5, 00:00:51 , ScrialO/0.45 




R 1 60. 1 .7.0 [ 120/2] via 10. 1.45.5, 00:00:5 1 , ScrialO'0.45 




R 1 60. 1 .9.0 [ 120/2] via 1 0. 1.45.5, 00:00:5 1 , SerialQ'0.45 




[120/1] via 10.1.45.5, 00:00:51 , ScrialO/0.45 




Note R4 is receiving even subnets of 160.1.0.0 netx^ork from R6, 


whereas, the odd 


subnets of the same netxvork is received from R5 




On \15 




R5#Show ip route rip Inc 1 60. 1. 




160.1.0.0/24 is subnetted, 10 subnets 




R 160.1.1.0|120/11 via 10.1.56.6, 00:00:26, FastEthernetO/0 




R 160.1.11.0 1120/21 via 10.1.45.4. 00:00:26, Serbia 0.54 




R 160.1.3.0 |120/11 via 10.1.56.6, 00:00:26, FastEthemetO/0 




R 160.1.2.0 |120/21 via 10.1.45.4, 00:00:26, Seria 10/0.54 




R 160.1.5.0 |120/11 via 10.1.56.6, 00:00:26, FastEthernetO/0 




R 160.1.4.0 |120/2| via 10.1.45.4. 00:00:26, Seria 10/ 0.54 




R 160.1.7.0 |120/11 via 10.1.56.6, 00:00:26, FastEthemetO/0 




R 160.1.6.0 1120/2] via 10.1.45.4, 00:00:26, Seria 10 0.54 




R 160.1.9.0 (120/11 via 10.1.56.6, 00:00:26, FastEthemetO/O 




R 160.1.8.0 1 120/21 via 10.1.45.4, 00:00:26, Seria 10/ 0.54 
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Note the even subnets of 160.1.0.0 are received from R4, whereas, the odd subnets of 
160.1.0.0 are received from R6, 



Task 17 

Configure RlPv2 on BB3: this router is connected to CAT-] 's port FO 1 3. Configure a 
solution such that R3 advertises all the RlPv2 routes to BB3. Do not change the VLAN 
assignment of any of the routers, or use a global configuration, and'or router 
configuration mode command to accomplish this task. 
BB3 may not have reachability to any of the IP addresses within this topology. 



On BB3 

B B 3 (co n fig)?* Router rip 

BB3('config-routcr)fr No validate-update-source 

On S\V 1 



SW1 (config)#\ionitor session 1 source interface F0- 3 both 
SW1 (co nfig)#V1oni tor session 1 destination interface F0/ 13 



To verify the configuration: 



On BBS 

BB3#Sh ip route rip 

103.0.0.0, 10 is submitted I subnets 

R 1 3.0 .0 .0 [ 120/3 J via 10. 1.3.3, 0:0 0:06 

100.0.0.0/24 is subnetted, I subnets 
R 1 00. LI 1 1.0 [120/2] via 10. 1.33, 00:00:06 

160. 1 .0.0/24 is subnetted, 1 subnets 
R 160.1.1.0 [120/5] via 10. 1.3.3, 00:00:06 
R 160.1.0.0 [120/4] via 10.1.3.3, 00:00:06 
R 1 60. 1 .3.0 [ 120/5] via 10. 1.3.3, 00:00:06 
R 160.1.2.0 [120/4] via 10.1.3.3, 00:00:06 
R 160.1.5.0 [120/5] via 1 0. 1.3.3, 00:00:06 
R 1 60. 1 .4.0 [ 120/4] via 10. 1.3.3, 00:00:06 
R 1 60. 1 .7.0 [ I20/5J via I 0. 1.3.3, 00:00:06 
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R 160. 1 .6.0 [120/4] via 10. 1.3.3, 00:00:06 








R 1 60. 1 .9.0 [ 120/5] via 1 0. 1.3.3, 00:00:06 








R 160.1.8.0 [120/4] via 10.1.3.3,00:00:06 








IO.O.O.G'8 is variably subnettcd, 1 1 subnets, 2 masks 








R 1 0. 1 . 1 4.0 24 [120/2] via 10.1 .3.3, 00:00:06 








R 10.1.13.0,24 [120/1] via 10. 1.3 


3, 00:00:06 








R 10. 1.12.0 24 [120/2] via 10. 1.3 


3, 00:00:07 








R 10. I.I 11. 11 1/32 [120/2 ]via 10 


1.3.3, 00:00:06 








R 111 1.24 .0/24 [120/3] via 10. 1.3 


3,00:00:08 








R 10.1.46.024 [120,3] via 10. 1.3 


3,00:00:08 








R 10.1.45.0 24 [120/3] via 10. 1.3 


3, 00 .00:08 








R 10.1.56.0/24 [120/4] via 10.1.3 


3, 00:00:09 








R 1 0. 1 . 1 00.0/24 [ 120/1 ] via 1 0. 1.3.3, 00:00:09 








R 1 0. 1 . 1 1 2.024 [120/3] via 1 0. 1.3.3, 00:00:09 








108.0.0.0/26 is subnettcd 1 subnets 








R 108.1.1.64 [120/3] via 10.1.3.3, 00:00:09 








109.0.0.0/22 is subnettcd 1 subnets 








R 109.1.4.0 [120/3] via 10. 1.3.3, 00:00:09 








107.0.0.0/25 is subnettcd, 1 subnets 








R 107. 1.1.0 [120/3] via 10. 1.3.3, 00:00:09 








104.0.0.0/1 1 is subnettcd, 1 subnets 








R 1 04.0.0.0 [120/3] via 10. 1.3.3, 00:00:09 








150. 1 .0.0/ 1 6 is variably subnettcd, 5 subnets, 2 masks 








R 1 50. 1 .3.0/24 [120/1 ] via 10.1 .3.3, 00:00:09 








R 1 50. 1 .2.0/24 [120/1 ] via 10.1 .3.3, 00:00:09 








R 1 50. 1 . 1 .0/24 [120/1 ] via 10. 1 .3.3, 00:00:09 








R 150. 1 .0.0 24 [120/1] via 10. 1 .3.3, (X):00:09 








R 1 50. 1 .0.Q.'22 [120/3] via 10. 1 .3.3, 00:00:09 








105.0.0.0/1 4 is subnettcd, 1 subnets 








R 105.0.0.0 [120/3] via 10. 1.3.3, 00:00:09 








R* 0.0.0.0 [120/3] via 10. 1.3.3, 00:00:09 






Task IS 




Erase the startup con figuration and reload the routers before proceeding 


to the next 


protocol. 
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Lab Setup: 



VLANs: 

> FO/0 interface of BB1 and Rl should be configured in VLAN 1 I 
£■ FO/0 interface of R3 should be configured in VLAN 3 

> FO'O interface of BB2 and R2 should be in VLAN" 22 

> FO interface of R5 and R6 should be configured in VLAN 56 

> FO/1 interface of R2 should be configured in VLAN 2 
5* FO/0 interface of R4 should be configured in VLAN 4 



Frame-relay: 

> R4 should be configured with two sub- interfaces in a point-to-point manner, one 
connecting R4 to R5 and the second one connecting R4 to R6. 

'* R5 and R6 should each be configured with a single point-to-point sub -interface 
connection to R4. 

> Rl should be configured with three point-to-point sub-interfaces connecting it to 
router* R2 ; R3 and R4. 

> Routers R2. R3 and R4 should be configured with a point-to-point frame-relay 
connection to Rl. 

> Configure the bandwidth of R4's point-to-point frame-relay connection to R5 to 
be 51 2 Kbps. 



Trunking: 

The trunk ing should be established between SW-1 and SW-2 using ports FO.' 1 9 and 
FO. 20. 
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IP Addressing chart: 




Router 


Interface 


Connecting to: 


IP Address 




Rl 


SO .0.12 


R2 


10.1.12.1 .24 






SO/0. 1 3 


R] 


10.1. 13.1 .24 








SO. 0. 1 4 


R4 


10.1.14.1 .'24 








SO/1 


R3 


1 0.1. 100.1 ;24 








FO/0 


BB1 


1 0. 1 . 1 1 1 . 1 124 








LoO 


- 


150.1.1.1 .'24 








Lol 


. 


I.I. 0.1 .'24 








Lo2 


- 


I.I. I.I .'24 








Lo3 


- 


1.1.2.1 04 








Lo4 


■ 


1.1.3.1 '24 




\U 


SO 0.21 


Rl 


10.1.12.2 24 






FO/0 


BB2 


10. I.I 12.2/24 








F0/1 


- 


10.1.2.2,24 








LoO 


- 


15QA22QA 




m 


SO 0.31 


Rl 


10. 1.13.3 24 






SO/1 


Rl 


10.1.100.3.24 








F0 


- 


10.1.3.3/24 








LoO 


- 


150.1.3.3 .24 




R4 


SO 0.41 


Rl 


10.1.14.4,24 






90/0.45 


R5 


10.1.45.4,24 








SO 0.46 


R6 


10.1.46.4,24 








FO/0 


- 


10.1.4.4 24 








LoO 


- 


150.1.4.4 24 




\15 


SO .0.54 


R4 


10.1.45.5 24 






F0/O 


R6 


10.1.56.5,24 








LoO 


- 


150.1.5.5,^4 




R6 


SO 0.56 


R4 


10.1.46.6 24 






F0 


Rf 


10.1.56.6 24 








LoO 


- 


150.1.6.6 24 




BBI 


F0 


Rl 


10. 1.11 1.1 11, 24 






LoO 


■ 


150.1.1 11.111 24 




BB2 


FO 


R2 


10.1.112.112 "24 






LoO 


- 


150. 1. IP. 11 2.^4 
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Logical Topology 
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Task 1 

Configure the routers as follows: 



•-- 



> R I and BB 1 should be configured in AS 1 00: BB I should advertise it's directly 
connected networks in this AS, whereas, Rl should ONLY advertise it's 
connection to BB1 and it's loO interlace in this AS. 

> R2 and BB2 should be configured in AS 200; BB2 should advertise it's directly 
connected networks in this AS, whereas, R2 should ONLY advertise it's 
connection to BB2 in this AS. 

> Rl, R2, R3 and R4 should be configured in AS 300; Rl should advertise it's P2P 
connection to R3, all of it's frame- re lay connections and Loopback 1—4 in this 
AS. R2 should advertise it's FO.'l, LoO and it's frame-relay connection in this AS. 
R3 should advertise all of it's interfaces in this AS. R4 should advertise it's 
frame- relay connection to Rl, FO'O and it's LoO interface in this AS. 

> R4, R5 and R6 should be configured in AS 400: R4 should advertise it's frame- 
relay connections to R5 and R6 in this AS. R5 and R6 should advertise all their 
directly connected networks in this AS. 



To uon lljjiiru l]iu l"mt iluan in Hits tusk: 

On BB1 

BB I (config)#routcr cigrp 100 

BB1 (con fig-router)?' no au 

BB1 (config-routcr)#nctwork 0.0.0.0 

Note the "Network 0.0.0.0" advertises the existing and future directly connected 
networks in the AS. 

On Rl 



R 1 (configure) Liter cigrp 1 00 
Rl(config-routcr)#no au 
RKconfig-routcr^nctwork 10. 1. 1 1 1.1 0.0.0.0 
Rli;eonfig-routcr)#nctwork 150.1.1.1 0.0.0.0 



To vi'rit'y the configuration: 



On BBI 
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BBl"Sho\v ip route cigrp 

150. LO. 0/24 is subnetted, 2 subnets 
D 1 50. 1. 1.0 [90: 1 56 1 60] via 10. 1 . 1 1 1 . L 00:02:06, FastEthcrnctO 

On m 



R 1 3 Show ip route cigrp 

150. 1 .0.0/24 is SLibncttcd. 2 subnets 
D 1 50. 1. 1 1 1.0 [90. 1 56 1 60 J via 1 0. 1 . 1 I I . I I L 00:02: 1 5, FastEthcrnctO 

To configure Hit; second item in this- task: 

On BB2 

BB2(conilg)#routcr cigrp 200 
B B 2 (co n fig-ro u tcr )#no au 
BB2(config-routcr)#nct work 0.0.0.0 

On R2 

R2 ( 'c o n fig)#ra li t cr cigrp 2 
R2ieonf]g-routcr)#no au 
R2(config.routcr)#nct\vork 10. 1. 1 12.0 0.0.0.255 

Note the above network command is another way to advertise routes in Eigrp. 
To verify the configuration: 

On BB2 

BB2ffShow ip cigrp neighbors 

1P-E1GRP neighbors for process 200 

H Address Interface Hold Uptime SRTT RTO Q Scq 

(sec) (rns) Cnt Xum 

10. 1. 1 122 Fa0/0 1100300:30 4 200 2 

BB2#Show ip cigrp topo.ogy 

1P-E1GRP Topology Table lor AS(200)TD( 150.1.1 1.2.1 12) 

Codes: P - Passive., A - Active, L" ■ Update., Q ■ Query. R - Rcp.y. 
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r - reply Status, s - sia Status 

P 150.1.1 12.004, 1 successors, FD is 128256 
v ia Co n n cc ted , Loo pb ac k 

P 10.1.1 1 2.0/24, I succcsso rs, FD is 28 1 60 

v ia C o n nc Ct ed , F ast E t h crn ctO" 

On R2 

R2#Sho\v ip route cigrp 

150.1.0.0/24 is subnetted, 2 subnets 
D 150.1.112.0 [90/ 156 160 J via 10. 1.! 12.1 12,00:03:47, FastEthcrnctO/0 

R2"Sho\v ip cigrp topology 

1P-E1GRP Topology Table lor AS(200)TD( 150. 12.2) 

Codes: P - Passive, A - Active, U - Update. Q - Query. R - Reply, 
r - reply Status, s - sia Status 

P 150.1.112.0/24, 1 successors, FD is 156160 

via 10.1.112.112 ( 156 1 60; 1 28256), FastEthemctO 
P 10.1.1 12.0/24, 1 successors, FD is 28 160 

via Connected, Fast Ethernet 0/0 

R2*Show ip cigrp topology 150. 1.11 2.0 24 

1P-E1GRP (AS 200): Topology entry for 150.1. 112.0/24 
State is Passive, Query origin Hag is I, I Succcssor(s), FD is 156 160 
Routing Descriptor Blocks: 

10. 1.1 12.112 (FastEthcrnctO/0), ftom 10.1. 1 12.1 12, Send flag is 0x0 
Composite metric is (156160/128256), Route is Internal 
Vector metric: 
Minimum bandwidth is 100000 Kbit 
Total delay is 5 1 00 microseconds 
Reliability is 255/255 
Load is 1/255 
Minimum MTU is 1500 
Hop count is 1 

To configure the third item in this task: 
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On Rl 




Rl (config)#routcr cigrp 300 




R 1 iconilg-ro utcr)?* no au 




Rl(config-routcr)#ncLwork 10.1.100.1 0.0.0.0 




R 1 (c o n fig-ro u ter)#nct wo r k 1 . 1 . 1 2. 1 .0 .0 .0 




Rli;config-routcr)#nctwork 10.1.13.1 0.0.0.0 




Rl (con fig-ro utcr)#nctwork 10.1.14.1 0.0.0.0 




Rli;eonfig-router)#nctwork 1.1. 0.1 0.0.0.0 




Rl(config-routcr)#nct\rark 1.1.1.1 0.0.0.0 




Rli;config-routcr)?*nctwork 1.1.2.1 0.0.0.0 




Rli;config-router)#nctwork 1.1.3.1 0.0.0.0 




On R2 




R2(config)#routcr cigrp 300 




R2(config-routcr)r*no lu.i 




R2i;config-routcr)#nctwork 10.1.2.2 0.0.0.0 




R2 (c o n fig-ro u tcr)#nct wo rk 1 5 . 1 . 2. 2 .0 .0 .0 




R2(config-routcr)#nctwork 10.1.12.2 0.0.0.0 




On R3 




R3(oonfigJ#router cigrp 300 




R3 (c o n fig-ro u tcr)f*no an 




R 3 (c o n fig-ro u t cr)# net wo r k 0. 0.0. 




On R4 




R4(config)f?routcr cigrp 300 




R4 (c o n fig-ro u tcr)# no an 




R4i;config-routcr)£nctwork 10. 1. 14.4 0.0.0.0 




R4(config-routcr)#nctwork 150.1.4.4 0.0.0.0 




R4iconfig-routcr)#nctwork 10. 1.4.4 0.0.0.0 




In verify the eonfiyuration: 




On Rl 




Rl#Sh ip route cigrp 300 




IO.O.O.Q'24 is subletted, 8 subnets 




D 10. 1 .3.0 [ 90 2 1 724 1 6 1 via 1 0.1.1 00. 3, 00:02:02, 


ScrialQi 
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[90/21 724 1 6 J via 10. 1 . 1 3.3, 00:02:02, ScrialO/0. 1 3 
D 10. 1.2.0 [9(121724161 via 10.1. 12.2,00:06:29, ScrialO'0.12 
D 1 0. 1 .4.0 [90/2 1 724 1 6] via 10.1. 14.4, 00:04:33, ScrialO'O. 14 

150.1. €.0/24 is sub net ted 5 subnets 
D 150.1.4.0 [90 .2297856 j via 10.1.14.4,00:04:23, Scrialtt'0.14 
D 1 50. 1.3.0 [90. 2297856] via 1 0. 1 . 100.3, 00:02:02, ScrialO/1 

[90.2297856] via 10. 1.13.3, 00:02:02, ScrialO/0. 13 
D 150.1.2.0 [90,2297856] via 10.1.12.2, 00:06:29, Scriaia'0.12 

On R2 

R2*Show ip route cigrp 300 

1 .0.0.0 24 is subletted, 4 subnets 
D 1. 1.0.0 [90 2297856] via 10.1.12.1,00:07:21, Scria 10/0.21 
D 1. 1.1.0 [90 2297856] via 10.1.12.1,00:07:21, ScrialO/0.21 
D 1. 1.2.0 [90 2297856] via 10.1.12.1,00:07:21, ScrialO/0.21 
D 1. 1.3.0 [90,2297856] via 10.1.12.1,00:07:21, ScrialO/0.21 

10.0.0.0.24 issubnetted, 8 subnets 
D 10.1.14.0 [902681856] via 10.1.12.1, 00:07:21, ScrialO/0. 21 
D 10. 1.13.0 [90 2681856] via 10.1.12.1, 00:07:21, Scrialtt'0.21 
D 1 0. 1 .3.0 [90 26844 1 6] via 10.1 . 12. 1 , 00:06:03, Scrialfl'0.21 
D 10. 1.4.0 [90 26844 16] via 10. 1.12. 1,00:05:26, ScrialO'0.21 
D 10. 1.100.0 [90 2681 856; via 1 0. 1 . 1 2.1 , 00:07:21, ScrialO/0.21 

150.1.0.0/24 is sub net ted, 4 subnets 
D 150.1.4.0 [90/2809856] via 10.1.12. 1, 00:05:16, Scriaia'0.21 
D 150.1.3.0 [90,2809856] via 10.1.12.1, 00:06:03, Scriaia'0.21 

On \U 

R3*Ship route cigrp 300 

1 .0.0.0/24 is subnetted, 4 subnets 
D 1. 1 .0.0 [90,2297856] via 10.1. 100. 1, 00:04:53, ScrialO'l 

[90,2297856] via 1 0. 1.13. 1, 00:04:53, ScrialO/0.31 
D 1. 1.1.0 [90,2297856] via 10.1.100.1,00:04:53, ScrialO'l 

[90,2297856] via 10.1.13.1, 00:04:53, ScrialO/0.31 
D 1.1 .2.0 [90,2297856] via 10. 1. 100.1,00:04:53, ScrialO'l 

[90,2297856] via 1 0. 1.13. 1, 00:04:53, ScrialO/0.31 
D 1.1 .3.0 [90,2297856] via 10.1.100.1,00:04:53, ScrialO/1 

[90.2297856] via 10.1.13.1,00:04:53, ScrialO/0.31 
IO.O.O.Q'24 issubnetted, 7 subnets 
D 1 0. 1 .14.0 [90 268 1 856] via 1 0. 1 . 100. 1 , 00:04:53, ScriaHl/l 
[90268 1 856; via 1 0. 1 . 1 3. 1 , 00:04:53, ScrialO 0.3 1 
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D 10. 1.12.0 [90 '268 1856] via 10.1.100.1, 00:04:53, Scrial0/1 

[90.268 1 856^ via 1 0. 1 . 1 3.1 , 00:04:53, ScrialO'0.3 1 
D 10. 1.2.0 [90 2684416] via 10.1.100. L, 00:04:53, Scriaiai 

[90/26844 1 6] via 1 0. 1.13.1, 00:04:53, ScrialO/0.3 1 
D 1 0. 1 .4.0 [90/26844 1 6] via 10.1 . 100. 1, 00:04:54, ScrialO I 
[90/26844 1 6 J via 1 0. 1 . 1 3.1 , 00:04:54, ScrialO/0.3 1 
150.1.0.0/24 is subncttcd, 3 subnets 
D 150.1.4.0 [90/2809856] via 10.1.100.1, 00: 04: 54, ScriaK)/'l 

[90/2809856] via 1 0. 1.13.1, 00:04:54, Scriaia'0.3 1 
D 150.1.2.0 [90 2809856] via 10.1 . 100.1, 00:04:54, ScrialO/1 
[90 280 9856 J via 1 0. 1 . 1 3. 1 , 00:04:54, ScrialO/0.3 1 

On R4 

R4frSho\v ip route cigrp 300 

1.0. 0.0' 24 is sub net ted, 4 subnets 
D 1.1 .0.0 [90/2297856] via 10.1.14.1, 00:09: 1 1 , ScriaK)/0.4 1 
D 1. 1.1.0 [90 2297856] | via 10. 1.14.1, 00:09: 1 1, Scria 10/0.41 
D 1. 1.2.0 [90 2297856] via 10.1.14.1,00:09:11, ScrialO/0.41 
D 1. 1.3.0 [90/2297856] via 10. 1.14.1, 00:09:1 1, Scria 10/0 .41 

1 0.0.0. fl'24 is subnet ted, 9 subnets 
D 1 0. 1 . 1 3. [90/268 1 856] via 10.1. 14. 1, 00:09: 1 1 , ScrialO/0.41 
D 1 0. 1 . 1 2. [90 268 1 856] via 10.1 . 14. 1, 00:09: 1 1 , Serial WO. 41 
D 1 0. 1 .3.0 [90 26844 1 6 j via 10.1. 14. 1 , 00:09: 1 1 , ScrialQ'0.41 
D 10.1.2.0 [90/2684416] via 10.1. 14.1,00:09:1 1, ScrialO'0.41 
D 10. 1 .1 00.0 [90/268 1 8561 via 10.1.14.1, 00:09: 1 1 , SerialO/0.4 1 

150. 1 .0.0/24 is subnettcd. 3 subnets 
D 150.1.3.0 [90/2809856] via 10.1. 14. 1, 00:09:1 1, ScrialO/0.41 
D 150.1.2.0 [90.-2809856] via 10.1.14.1, 00:09:1 1, ScrialO'0.41 

1 ii uonlimu 'l' thf forth itfin in this task: 

On R4 

R4(eonfig)#ro Liter cigrp 400 
R4(config-routcr)#no au 
R4fc:onrig-routcr)r*nct\vork 10.1.45.4 0.0.0.0 
R4(config-routcr)#nctwork 10.1.46.4 0.0.0.0 

On R5 

R5fconfig)#ro utcr cigrp 400 

R5(cc?nHg-routcr)f*no au 
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R5 (c o n tlg-ro u t cr )#nctwo rk 0. 0.0. 

On R6 

R6 (con figure Liter cigrp 400 
R6 (c a n fig-ro u t cr)#no au 
R6(config-routcr)#nctwork 0. 0.0.0 



To vLiitv the 1 configuration: 



On K4 

R4nShow ip route cigrp 400 

10.0.0.0/24 is subnetted 10 subnets 
D 10.1.56.0 [90/21 724 16J via 10.1.46.6, 00:00:32, ScrialO 0.46 

150. 1.0.0:24 is subnetted 5 subnets 
D 150.1.6.0 [90/2297856] via 10.1.46.6,00:00:32, ScrialO/0.46 
D 1 50. 1 . 5. [ 90 '2 3 04 1 6 J via 1 . 1 .46 . 6, 00 :00 : 32 , ScrialO . 46 

On K5 

R 5" Show ip route cigrp 

10.0 .0.Q/24 is subnetted, 3 subnets 
D 10.1.46.0 [90/2172416] via 10.1.56.6, 00:01:03, FastEthcrnctO. 

150.1.0.0/24 is subnetted 2 subnets 
D 150.1.6.0 [90/1 56 160 J via 10.1.56.6,00:01:00, FastEthcrnctO/0 

On K6 

R 6** Show ip route cigrp 

10.0.0.0/24 is subnetted 3 subnets 
D 10. 1.45.0 [90/2172416] via 10.1.56.5, 00:01:22, FastEthcrnctO 

150. 1.0.0/24 is subnetted 2 subnets 
D 150.1.5.0 [90/156160] via 10.1.56.5,00:01:22, FastEthcrnctO/0 
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Task 2 

Configure the hello and dead interval of all the routers in AS 300 to 20 and 
respectively. 



On kl 

Rl(eoiifigpiitS0 0.12 

Rl(config-subif)#ip hello-interval eigrp 300 20 
Rli;config-SLibit)#ip hold-time eigrp 300 80 

Rl (config-subifJSInl SO/0.13 
Rl(config-subit)#ip hello -interval eigrp 300 20 
Rl(config-subit)#ip ho Id- lime eigrp 300 80 

Rl (config-subif)#Int SO/0.14 

Rl (config-subitVip hello-interval eigrp 300 20 

Rl(config-subifl#ip hold-time eigrp 300 SO 

Rl(config-subifi#lnlS(l/l 

Rl(config-ii>ip hello-interval eigrp 300 20 

Rl(config-il>ip hold-time eigrp 300 80 

On R2 

R2(config)*lntS0V0.21 

R2(config-subifi#ip hello -interval eigrp 300 20 

R2(coniig-subif)#ip ho Id- lime eigrp 300 SO 

On k3 

R3(config)#lratS0 0.31 

R3(config-subifJ#ip hello-interval eigrp 300 20 
R3(config-SLibif)#ip hold-time eigrp 300 SO 

R3(config-subifi#Int S0/1 

R3(config-it>#ip hello-interval eigrp 300 20 

R3(config-ii>ip hold-time eigrp 300 80 

On K4 

R4(config)#lntS0/0.41 

R4(config-subi:f)r*ip hello-interval eigrp 300 20 

R4(config-subif)#ip hold-time eigrp 300 SO 
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Task 3 

Ensure that the routers in AS1 00 ONLY use bandwidth to calculate their composite 
metric. 



Note the composite metric for network 150.1.1 1 1.0 .'24 is calculated as follows: 

10,0(10,000 Kbit divided by the slowest bandwidth along the path to a given 
destination (In this case network 150.1.1 1 1.0 .'24 ), plus the sum of all interface delays 
along the path to that destination divided by 10 , and then, the result of the previous 
calculation should be multiplied In 256: 



BB Iff Show intloO ; Inc MTU 

MTU 1514 bytes, B\V 8000000 Kbit /sec, DLY 5000 usee, 

BBlffShint FO-O 

MTU 1500 bytes, B\V 100000 Kbit/sec, DLY 100 usee 

10,000,000/ 1 (10.000 = 100 

5000- 100 = 5100/10 = 510 

(100 - 510) * 256= 156160 This is the composite metric that should be seen in the 
routing table 

On Rl 



R 1 *sh ip route 150.1.111 .0 Inc metric 

Known via "cigrp 100", distance 90, metric 156160, type internal 
Route metric is 156160. traffic share count is 1 

To change the K \ alues hased on the requirement: 

On Both routLT.s: 

(config)#routcr cigrp 100 

(config-ra utcr ^metric weight 1 

Note once the K value of a router is changed, the neighbor adjacency goes (town, 
because if the K values are different between two routers, the routers will not form 
neighbor adjacency. The following parameters must be the same 
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on two routers before they become adjacent: 

> The K values 

> AS numb el's 

> They must share the same layer two data link and be from the same IP 
address space. 

> If authentication must be enabled, it must be enabled on both routers and the 
password for the authentication must match. 

To verify the tonliauradun: 

On Rl 

Rl#Show ip protocols 

Routing Protocol is "eigrp 100" 

Outgoing update filter list lb rail interlaces is not set 

Incoming update filter list for all interlaces is not set 

Default networks flagged in outgoing updates 

Default networks accepted from incoming updates 

EIGRP metric weight Kl=l, K2=fl, K3=0,K4=0, K5=0 
i The rest of the output is omitted) 

R 1 "Show ip eigrp 1 00 neighbors 

1P-E1GRP neighbors for process 100 

H Address Interface Hold Uptime SRTT RTO Q Scq 

(sec) (rns) Cnt Num 

1 0. 1 . 1 I I . i I I FaO/0 11 00: 10:34 5 300 8 

Rjjjgh ip rout eigrp 100 

150. 1.0.0 24 is subnetted, 5 subnets 
D 1 50. 1. 11 1.0 [90/25600] via 10.1 . 1 1 1 . 1 I L 00:12:22, FastE thcrnctO/0 

Note once the routers are configured, the composite value is changed based on 
bandwidth multiplied by 256 as follows: 

100 * 256 = 25600 
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Task 4 

Ensure that the routers in AS200 ONLY use the delay parameter to calculate their 
■composite metric. 



On Both routers: 

(eonfig)#routcr cigrp 200 

(config -router')?* metric weight (1 1 (I 

Note in this case only the delay value is considered, therefore, the sum of all the 
interface delays divided hy 10 should he multiplied hy 256 as follows: 

(5000 - 1 00) .' 10 = 510 This is the sum of all interface delay values divided hy 10. 

510 * 256 = 130560 This should be the new composite value. 

To test the configuration: 



On R2 

R2#Show ip route cigrp 200 

150. 1.0.0/24 is subnettcd. 4 subnets 
D 150.1.1 12.0 [90/130560] via 10. 1.1 1 2.1 12,00:01:00, FastEthcrnctO 



Task 5 

Configure R I to summarize it'sLoopback 1 —4 based on the following policy: 

> Rl should ONLY advertise the summary route to R2. 

> R 1 should advertise the summary route plus the network lor Loopback 2 to R3. 

> R 1 should advertise the summary route plus all the specific networks to R4. 

> Only one summary command per neighbor should be used to accomplish this 
task. 



To configure the firs! hem: 
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On kl 

Rl(config)#intS0/0.12 

Rl(config-SLibif)#ip summary- ad dress cigrp 300 1.1.0.0 255.255.252.0 

¥"©11 should seethe following message: 

%DUAL-5-NBRCHANGE: IP-EfGRP(0/ 300: Neighbor 10. 1.12.2 (SerblO/0. 12/ is 
resync: summary configured 

To test the configuration : 

On R2 

R2"Sho\v ip route cigrp 300 Inc .'22 

1.0.0.0/22 is subneited, 1 subnets 
D 1.1.0.0 190/22978561 via 10.1.12.1,00:01:03, 5erial0/0.21 

To configure the second item: 

Since configuring multiple summary commands is not allowed, one nay to 

accomplish (his (ask is (o configure (ho virtual template interlaces, one between 

Rl and R3, and another one betaeen Rl and R4. 

Note the "leak-map"" option is available under the physical and virtual-template 

interfaces. 

On Kl 



To configure PPP, a virtual-template interface must be configured and the IP 
address of the sub-interface must be assigned to the virtual-template: 

Rlfconfig^intSO/D. 13 
RI('config-subif)#no ip addr 

Rl(config)#lnt virtual-template 13 

Rl(config-if)#ip address 10. 1.13. 1 255.255.255.0 

Rl(config-il>ip summary-address eigrp 300 1.1.11.(1 255.255.252.0 leak-map Rl-3 

R 1 (c o n fig )# Route- map Rl-3 permit 10 
Rlf'conllg-routc-mapi^mak'h ip addr 1 

Rl(config)*access-list 1 permit 1.1.1.0 0.0.0.255 
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Note the leak- map option is now available, this option references a route-map, 
and the route-map references an access-list and what ever network's that is 
permitted in the access-list will be leaked along the summary route. 

Lastly the virtual-template interface is assigned to the sub-interface. 

Rli;config)#intSO.O.I3 

Rl(config-Siibif)#fra me- relay interface-dlci 103 ppp \irtual-Template 13 

Since there are two links (Int SO/0.13 and SO/1) between Rl and R3, the summary 
should also be applied to SO/1 interface: 

Rl(config)MntSO/l 

Rl(config-il>#ip summary-address eigrp 300 1.1.0.0 255.255.252.0 leak-map Rl-3 

On K3 

R3(config)r#int SO/0.31 
R3(config-subif)#no ip addr 

R3(config)#lnt virtual-template 31 
R3(oon£ig-if)#ip address 1 0. 1 . 13.3 255.255.255.0 

R3(config-it>int SO 0.31 

R3( con fig-sub if)P frame- relay interface-dlci 301 ppp virtual -Temp I ate 31 

To verify the configuration: 



On K3 

R3f*Sh ip route cigrp 300 

1.0.0.0/8 is variably subnetted, 2 subnets. 2 masks 
D 1.1 .0.0/22 [90/2297856] via 10.1. 1 00. 1 , 00:02: 1 5 r ScrialO/ 1 
D I.I.I .0 24 [90 .'229785 6 J via 10. 1 .1 00.1 , 00:02:1 5, ScrialO/ 1 

10.0.0.0/8 is variably subnettcd, 8 subnets, 2 masks 
D 10. 1.140/24 [90.268 1 856 J via 10.1. 100. 1 , 00:02: 1 5, ScrialG-i 
D 1 0. 1 . 1 2. 24 [ 90 2 6 8 1 8 5 6 J via 1 . 1 . 1 00 . 1 , 00: 02 : 1 5 , ScrialO/ 1 
D 10. 1 2.0/24 [90 26844 1 6] via 10.1.1 00. 1 , 00:02: 1 5, ScrialO/ 1 
D 10. 1 .4.0/24 [90 26844 1 6 J via 10. 1 .100.1 , 00:02: 15., ScrialO' 1 

150.1.0.0/24 is subnettcd, 3 subnets 
D 1 50. 1.4.0 [50 2809856J via 10.1. 100. 1,00:02: 15, ScrialO/1 
D 150. 1.2.0 [90 2809856] via 10.1. 100. 1,00:02: 15, ScriaW/1 
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To configure th l 1 third ituni: 



On Rl 



R 1 (c o n fig-s Lib if)#i nt SO /O . 1 4 
Rl(config-subif)#rjo ip addr 

Rlfconfig^Inl virtual-template 14 

Rl(config-it>ip address 10.1.14.1 255.255.255.0 

Rllconfig-il>ip summary -address eigrp 300 1.1.0.0 255.255.252.0 leak-map Rl-4 

Rli;config)#intS0 0.14 

R 1 (eon fig-s ubif)# frame- relay in.leriace-d.lei 104ppp virtual-Turn pi alt: 14 

R I iconi":^:)- Route-map Rl-4 permit 10 

Note if the leak-map references a mute-map, and the mute-map does not 
reference an access-list or it references an access-list that does not exist, the 
summary plus all specific routes are advertised. 

On R4 

R4(eonfig)#int SO/0.41 

R4 (con fig-s Lib if)#no ip addr 

R4(config)#Int virtual-template 41 

R4(config-il>*ip address 10.1.14.4 255.255.255.0 

R4(config-if)#int SO/0.41 

R4 (con fig-s ubif)T*frarne- relay interface-dlci 401 ppp virtual-Template 41 

To verify the configuration: 

On R4 

R4#Show ip route gigrj 300 



1.0.0.0/8 is variahlv suhnetted, 5 subnets, 2 masks 



D 
D 
D 
D 

D 



1.1.0.0/24 |90/27136001 via 10.1.14.1, 00 
1.1.0.0/22 |90/27136001 via 10.1.14.1, 00 
1.1.1.0/24 190/27136001 via 10.1.14.1, 00 
1.1.2.0/24 190/27136001 via 10.1.14.1, DO 
1.13.0/24 190/2713600) via 10.1.14.1, 00 



13, Virtu al-Aeeess2 
13, Virtual-Access2 
13, V irtual-Access2 
13, \ irtual-Access2 
13, \irtual-Access2 



lO.O.O.G'S is variably subnetted, 12 subnets, 2 masks 
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D 


10. 1.13.3 32 [90 5145600J via 10. 1.14.1, 00:00:13, Virtual- Acccss2 


D 


10. 1.13.0.24 [90.5145600] via 10. 1. 14.1, 00:00:13, Vhtual-AcccssZ 


D 


10. 1.12.0 24 [90/4729856] via 10.1. 14.1, 00:00:13, Virtual- Acccss2 


D 


1 0. 1 .3.0/24 [90/47324 1 6J via 10. 1 .14. 1 , 00:00: 1 3, Virtual- Ac ccs*2 


D 


1 0. 1 .2.0/24 [90/47324 1 6] via 10.1.14.1, 00:00: 1 3, Virtual- Ac ccss2 


D 


1 0. 1.1 OO.Q/24 [90'4729S56j via 10.1 . 14. 1 , 00:00: 1 3, Virtual- Ace css2 




150. 1.0.0/24 is sub net ted. 5 subnets 


D 


150.1.3.0 [90/4857856] via 10.1.14.1, 00:00:14, Virtual-Acccss2 


D 


150.1.2.0 [90.4857856] \ia 10.1.14.1, 00:00:14, Virtual-Acccss2 



Task 6 

R4 should perform unequal cost load balancing to get to network 1 0.1.56.0 24. 



Note R4 takes R6 (10.1.46.6) to get to network 10.1.56.0 '24, the routing table of R4 
reveals this information: 

R4#Sho\v ip route cigrp 400 

10.0.0.0/8 is variably subnetted, 12 subnets, 2 masks 
D 10. 1.56.U'24 |90.*21724161 via 10.1.46.6, 00:44:40, SerialO/0.46 

150.1.0.0/24 is subnetted, 5 subnets 
D 150.1.6.0 [90 2297856] via 10.1.46.6,00:44:40, ScrialO 0.46 
D 150.1.5.0 [90 '230041 6] via 10.1.46.6, 00:44:40, ScrialO'0.46 

In order to perform an unequal cost load balancing, the advertised distance of the 
worst route should be hmer than the feasible distance. In this case the advertise 
distance of R5 for network 10.1.56.0 /24 is 28160, this value is less than the feasible 
distance which is 2172416, this means that R? hil'l'Is the feasibility condition. 
therefore, the unequal cost load balancing can be performed. 

R4#Show ip cigrp 400 topology 10. 1 .56.0/24 

1P-EIGRP (AS 400): Topology entry for 10. 1.56.0.24 

State is Passive, Query origin flag is 1. I Succcssor(s), FD is 2172416 
Routing Descriptor Blocks: 

10.1.46.6 (Scrialtt'0.46), from 10.1.46.6, Send flag is 0x0 
Composite metric is (2172416 | '28160), Route is Internal 
Vector metric: 
Minimum bandwidth is 1544 Kbit 
Total dclav is 20 1 00 microseconds 
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Reliability is 255/255 

Load is 1/255 

Minimum MTU is 1500 

Hop count is 1 
10. 1.45.5 (Scrial0/0.45), from 10. 1.45.5, Send flag is 0x0 
Composite metric is (5514496/281 60). Route :s Interna! 
Vector metric: 

Minimum bandwidth is 512 Kbit 

Total delay is 20 100 microseconds 

Reliability is 255/255 

Load is 1/255 

Minimum MTU is 1500 

Hop count is 1 

The last step in accomplishing this task is to divide the waist route by the best route 
to get the ratio: 

5,514,496/2,172,416 = 2.538 

The result is the number that must be configured using the "variance" command. 
This \ Liluu should he rounded up: in this ease (lie result is 3. 

On R4 

R4(config)rrroutcrcigrp 400 
R4 (c o n fig-r o u ter)# variance 3 



To verify the configuration: 



On K4 

R4#Show ip route cigrp 400 

10.0.0.0/8 is variably sub net ted, 12 subnets, 2 masks 
D 10.1.56.0/24 |90/2172416| via 10.1.46.6, 00:00:23, SerialO/0.46 
190/55144961 via 10.1.45.5, 00:00:23, SerialO/0.45 
ISO. 1.0.0/24 is subnetted, 5 subnets 
D 150.1.6.0 190/22978561 via 10.1.46.6, (I 
190,56424961 via 10.1.45.5,(1 
D 150.1.5.0 |90/2300416| via 10.1.46.6, 
|905639936| via 10.1.45.5,00; 



23, SerialO/0.46 

23, Seri a 10 0.45 
23, Seri a 10 0.46 
23, Se rial 0.45 
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Task 7 

Configure Rl to disable the SI A timer for AS 300 and set the SI A timer to 60 minutes for 
AS LOO. 



On Rl 

Rl (config)* Router eigrp 1(1(1 

Rl (config-routcrYf* timers active-time 60 

R I (c n tlg-ro u t cr ) * Ro u ter ei g r p 3 (HI 

Rl (config-routcr)#iimers active-time disabled 



TaskS 

Configure authentication for all the routers, in AS 300 and set the passwords as follows: 

> R 1 and R2 should use "Cisco 1 2 :r . 

> Rl and R3 should use "Cisco 13". 

> R 1 and R4 should use "Cisco 1 4". 



To configure authentication between Rl and R2: 

On Rl and \U 

( eoniig)* Key c hain Rl - 2 
(config-kcyehain)# key 1 
(config4ccychain - key )f#kcy- string Cisco 12 

On Rl 



Rl(eonfig)#intS0,'0.12 

R lfconfig-s uta if)#ip authentication key -chain eigrp 300 Rl-2 

Rl (config-subit)#ip authentication mode eigrp 300 md5 

On R2 

R2i;conl1g^int SO/0.21 
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R2(config-subif)#ip authentication key-chain cigrp 300 Rl-2 
R2(config-subif)#ip authentication mode cigrp 300 md5 

To test the configuration: 

On R2 

R_"Sho\v ip route cigrp 300 

1.0.0.0/22 is sub netted, 1 subnets 
D 1. 1.0.0 [90,2297856] via 10.1.12.1, 00:00:19, ScrialO/0.21 

10.0.0.0/8 is variably subnetted, 10 subnets, 2 masks 
D 10. 1.14.4/32 [90,4729856] via 10.1. 12.1, 00:00:19, ScrialO/0.21 
D I ft 1.14. 024 [ 90,4 72 9 8 5 6 J v ia 1 . 1 . 1 2 . 1 , 00 : 00 : 1 9 , Scria IQ'0.21 
D 10. 1.13.3/32 [90/4729856] via 10.1.12.1, 00:00:19, ScriaRTO.21 
D 10. I.I 3 24 [90 4729856] via 10.1.12.1, 00:00:19, ScrialO/0.21 
D 1 0. 1 .3.0/24 [90, 26844 1 6] via 10. 1 .12.1 , 00:00: 1 9, ScrialO'0.2 1 
D 1 0. 1 .4.0:24 [90/47324 1 6] via 10. 1 .12.1 , 00:005 1 9, ScrialO'0. 2 1 
D 10.1.100.0/24 [90,2681856] via 10.1.12.1,00:00:19, ScrialO/0.21 

150. 1.0.0 24 is subnetted, 4 subnets 
D 150.1.4.0 [90/4857856] via 10.1.12.1, 00:00:19, Scrialtt'0.21 
D 150.1.3.0 [90 2809856] via 10.1.12.1, 00:00:19, Scriaia.'0.21 

A "Shum ip eiyrp interface detail" command can also he used to verify the 
authentication. 

R2sShow ip cigrp inter detail ' B ScO 0.2 1 

ScO'O.21 I O'O 109 15 575 

Hello interval is 20 sec 
Next xmit serial <nonc> 

L'n" reliable mcasts: 0,0 Unreliable ucasts: 39 '33 
Mcast exceptions: CR packets: ACKs suppressed: 14 
Retransmissions sent: 3 Out -of- sequence revd: 3 
Authentication mode is md5, key-chain is "Rl-2" 
Use unieast 

To configure authentication h clue en Rl and R3: 

On kl and k3: 

(config)#kcy chain Rl-3 
i'confjg-kcycbain)#kcy 1 
f config-k eye hain- key )# key -string Cisco 13 
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On Kl 

Rl (config)#int v irtual- tempi ate 1 3 

R 1 (con fig- if )#ip authentication key-chain cigrp 300 Rl-3 

R 1 (con fig- if )#ip authentication modecigrp 300 md5 

Rl(config-ityintSO/l 

R 1 (con fig- if)#ip authentication key-chain cigrp 300 Rl-3 

Rl(config-if)#ip authentication modecigrp 300 md5 

On R3 

R 3 (c o n fig)# in t v irt ual- temp 1 atc3 I 

R3iconfig-if)#ip authentication key-chain cigrp 300 Rl-3 

R 3 (con fig- if)rrip authentication modecigrp 300 md5 

R3(config-kcychain-kcy)#int SO/ 1 

R3(config-if)#ip authentication key-chain cigrp 300 Rl-3 

R3(config-if)#ip authentication modecigrp 300 md5 



In test the configuration: 



On K3 

R3r^Sho\v ip route cigrp 300 

1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks 
D I.I .0.0 22 [90/229785 6 J via 10. 1 .1 00.1 , 00:00:1 7, ScrialO/ 1 
D 1. 1 . 1 .0 24 [90 .'229785 6 J via 10. 1.100,1, 00:00:17, ScrialO/ 1 

10.0.0.0:8 is variably subnettcd, 9 subnets. 2 masks 
D 1 0. 1 . 1 4. 4/32 [ 90.4 72 9 8 5 6 ] v ia 1 . 1 . 1 00 . 1 , 0: 00 : 1 7 , ScrialO/ 1 
D 1 0. 1.14. 0/24 [90/4729 856 J via 10. 1. 100. 1 , 00:00: 1 7, ScrialO/ 1 
D 1 0. 1 . 1 2.0/24 [90/268 1 856] via 1 0. 1. 100. 1 , 00:00: 1 7, ScrialQ-i 
D 10. 1 2.0/24 [90/26844 1 6J via 10.1.1 00. 1 , 00:00: 1 7, ScrialO'l 
D 1 0. 1 .4.0/24 [90/47324 1 6] via 10. 1 . 1 00. 1 , 00:00: 1 7, ScrialO/ 1 

150.1.0.0/24 is subnettcd, 3 subnets 
D 150.1.4.0 [90/4857856] via 10.1.100.1, 00:00:17, ScrialO/ 1 
D 150. 1.2.0 [90/2809856] via 10.1.100.1,00:00:17, ScrialO/ 1 

R3#Show ip cigrp 300 neighbors 

1P-E1GRP neighbors lor process 300 

H Address Interface Hold Uptime SRTT RTO Q Scq 
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(sec) (ms) 
1 10. I.I 3.1 V12 1000:00:27 132 
1 0.1.1 00.1 ScO/1 66 00:06:08 32 

To configure authentication between Rl and R4: 


Cnt Num 

792 227 
200 223 


On Rl and R4: 





( coniig)#kcy c hain R 1 -4 
(config-kcychain)#kcy 1 
(coniig-kcychain-kcy )#key -string Cisco 1 4 

On Rl 



R I ( c o n fig)rr in t v irt ual- temp 1 ate 1 4 

Rlfconfig-if^ip authentication key-chain cigrp 300 Rl-4 

R I (config-if)#ip authentication mode cigrp 300 md.5 

On R4 

R4 fc o n fig)# in t v irt ual- temp 1 at c4 I 

R4(config-if)#ip authentication key-chain cigrp 300 Rl-4 

R4(ct)nfig-if)rrip authentication mode cigrp 300 md5 



To verify the configuration: 



On R4 

R4#Show ip route cigrp 300 

1.0.0.0/8 is variably subnettcd. 5 subnets, 2 masks 
D I.I .0.0/24 [90/271 3600] via 10. 1.14. 1 , 00:0027, Virtual- Access? 
D LI. 0.0 22 [90 271 3600 J via 10.1.14.1, 00:0027, Virtua!-Acccss2 



D 1. 1.1.0 24 [90 2713600 
D 1.1.2.0 24 [90 2713600 



via 10. 1.14.1, 00:0027, Virtual- Ac ccss2 
via 10 J .14.1,00:0027, Virtual- Ac ccss2 
D I.I .3.0 24 [90 .271 3600 J via 10.1.14.1,00:0027, Virtual- Ac ccss2 

1 0.0.0. 0'8 is variably subnettcd, 12 subnets, 2 masks 
D 10. 1.13.3/32 [90/5145600] via 10.1.14.1, 00:00:27, VirtLial-Acccss2 
D 10. 1.13.0 24 [90/5145600] via 10.1.14.1, 00:00:27, Virtual- Ace css2 
D 10. 1.12.0 24 [90 4729856] via 10.1.14.1,00:00:27, Virtual-Acccss2 
D 1 0. 1 .3.0. 24 [90/47324 1 6] via 10. 1.14.1, 00:00:27, Virtual- Ac ccss2 
D 1 0. 1 .2.0 24 [90/47324 1 6] via 10. 1 .14.1 , 00:00:27, Virtual- Ac ccss2 
D 10. 1.100.0/24 [90/4729856] via 10.1 . 14. 1, 00:00:27, Virtual- Ace ess2 



CCIE R&S by NarMk Kueharians Advanced CCIE R&S Work Book 2.0 Page 4l4aflQ68 

C 2009 \ar bit Kucha runt All riflhu rcirncd 





150.1.0.0/24 is sub net ted 5 subnets 












D 


150. 1.3.0 [90 


4857856' via 


10.1. 


14. 1.00:00 


:29, Virtual-Acccss2 


D 


I5CM.ZO[90 


'485 7856] via 


10.1. 


14. \, 00:00 


:29 5 Vi 


rtual-Acecss2 


R4#Shmv ip cigrp 1 


'00 neighbors 














1P-E1GRP neighbors for process . 


m 












H 


Address 


Interface 


Hold Uptime 


SRTT 


RTO 





Scq 








(see) 


(ms) 




Cnt 


N'um 





10.1. 14.1 


Vi2 


12 


00:01:16 


1311 


5000 





246 



Task 9 

BB2 should be configured such that it advertises E1GRP routes with greater than 1 1 
hops as unreachable. 



To see the default setting: 
On BB2 

BB2#Sho\v ip protocols | Ine E1GRP maximum 

EIGRP maximum hopcount 100 

EIGRP maximum metric variance 1 

To coniiizuri 1 tht 1 task; 

On BB2 

BB2(config')#routcr cigrp 200 

B B2 (con fig -routcr)#mc trie maximum-hops 110 

The above command "ill advertise the routes with a hop count higher than 110 as 
unreachable, the default setting is 100 hops, and it can be increased up to 255. 

To verify the configuration: 



On BB2 



BB2#Show in pro toco. Inc EIGRP maximum 
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EIGRP maximum hopcount 1 1(1 

EIGRP maximum metric variance 1 



I ask 10 

The administrative distance of all the routers in AS 200 should be configured as follows: 

Internal = 95, External = 138 



To see the default .setting: 

On R2 

RZsShow ip protocol Inc Distance 

Gateway Distance Last Update 

Distance: internal 90 external 170 

To change I lie default values: 

On R2 

R2(config)#routcrcigrp 200 
R2i;conf]g-routcr)#distance eigrp 95 138 

On BB2 

BB2(config)#routar eigrp 200 
BB2(config-rautcr)r*distance eigrp 95 138 

The first value after the ''distance eigrp"" command specifies the administrative 
distance of Eigrp internal routes and the second value specifies the administrative 

distance of Eigrp external routes. 

To verify the configuration: 

On R2 

R2#Show ip protocols Inc Distance 
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Gateway Distance La si Update 
Distance: internal 95 external 138 

Gateway Distance Last Update 
Distance: internal 90 external 1 70 






Task 1 1 

BB2 should be configured to use 30 percent of it's F0/0 link for exchanging updates. 






On BB2 

BBIfconfig^intfO/O 

BB2(config-it>ip ha ndwidth -percent eigrp 200 30 






Task 12 

BBI should be configured to use 1 5 Mbps of its links bandwidth for exchanging updates. 
You should NOT use the solution from the previous task to accomplish this task. 






On BBI 

BBl(config)#intfaO 

BB 1 (config-if>bandw idth 30000 

By default Eigrp utilizes 50% of the bandwidth, if you multiply the desired value by 
two (In this case 30 Mbps) and set the bandwidth of the interface to that number, 
Eigrp will use half of that number which is the desired value. NOT recommended as 
the first choice, your first choice should be the solution from the previous task, 
unless the use of the "IP Bandwidth-percent'" command is prohibited. 




cc 


Task 13 

BBI should be configured to receive routes from Rl and it should not advertise any 
routes to Rl . You should NOT use any global configuration command as part of the 
solution in accomplishing this task. 
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Note Rl is receiving a single route from BBI : 

Rli*Sh ip route cigrp 100 

150. 1.0.0/24 is subnetted 5 subnets 
D 150.1. 1 1 1.0 [9025600] via 10.1.11 1 . 1 I 1 r 03:20:34, FastEthcmctO. 

To configure the tusk: 

On BBI 

BB 1 (config)# router cigrp 100 

BB1 (config-routcr)#eigrp stub receive-only 

To verify the cont'iauratinn: 

On Rl 

Rl#Sho\v ip cigrp 1 00 neighbors 

1P-E1C3RP neighbors for process 100 

H Address " Interlace Hold Uptime SRTT RTC) Q Scq 

(sec) (ms) Cnt Num 

I HI. I I I.I I I FaO/0 1100: 00:48 1 200 13 

On BBI 



BBI^Show ip route cigrp 100 

150. 1 .0.0/24 is subnetted, 2 subnets 
D 1 50. 1. 1. [90 .'85248] via 10. 1. 1 1 1 . L 00:02:3 1 , FastEthcmctO 

Note BBI only receives mutes from Rl and it does NOT advertise any routes to Rl, 
but the neighbor adjacency is maintained. 



Task 14 

■Configure Loopbaek 1 (151.1.1 12. 112 .'24) interface on BB2 and advertise this route in 
AS 200. This route should appear in the routing tabic of the routers in this Autonomous 
System as external. 
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On BB2 

BB2(config)#int lol 

BB2(config-it>ip addr 151.1.1 12 1 12 255.255.255.0 

BB2(config)#acccss-list 1 permit 151. 1.112.0 0.0.0.255 

BB2(config)#Routc-map "1ST permit 10 
BB2(contlg-rautc-map)#match ip addr 1 

BB2(coniig)#routcr eigrp 200 

B B2 (con fig -routcr)r*rcd is tribute connected route-map TST 

To verify the configuration: 

On R2 

R2"Sho\v ip route eigrp 200 

151.1.0.0/24 is subnelled, 1 subnets 
D 151.1.112.0 [95/130560| via 10.1.112.112, 00:00:57, FastEthemetO/0 

150.1.0.0/24 is subnetted, 4 subnets 
D 150.1.1 12.0 195: 130560] via 10. 1.1 12.1 12,00:10:45, FastEthernctO/0 

Note the reason this network did NOT yet injected as an External route is because 
of the way BB2 is configured, the following reveals Eigrp' s configuration of BB2: 

BB2#Sh run S router eigrp 

router eigrp 200 

redistribute connciuedToutc-map TST 

network 0.0.0.0 

metric maximum- hops 1 1 

metric weight s 10 

distance eigrp 95 138 

no auto -summary 

The network statement instructs Eigrp to advertise existing and the future 
configured interfaces in Eigrp AS 200, these routes are internal to Eigrp's AS. Since 
Internal takes precedence over External routes, the network shows up as an 
Internal route, to correct this problem, you should reconfigure the network 
command on BB2 as follows: 

BBZfconfig^routcr eigrp 200 
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BB2(config-routcr)#NO netw 0.0.0.0 
BB2<config-router)#netw 1 0.1.112.112 0.0.0.0 
BB2(config-routcr)#nctw 150.1.1 12.1 12 0.0.0.0 

To verify the configuration: 

On R2 

R2*Ship route cigrp 200 

151. 1. 0.0/24 is subnetted, 1 subnets 
DEX 15 1.1.112.0 [138/1305601 via 10.1.1 12.1 12, 00:01:16, FastEtliernetO/O 

150.1.0.0/24 is subnetted, 4 subnets 
D 1 50. 1 . 1 1 2. [95 1 30560] via 10. 1.1 1 2. 1 1 2, 00:0 1:10, FastEthernctO/0 






Task 15 

Configure a static mute on BB2 ib r network 160.1.112.0 /24 using nu 110 interlace as the 
next hop: this route should be redistributed on BB2. Ensure that existing and future 
redistributed routes arc assigned the following metric: 

Bandwidth =1500 
Load = I 
Delay = 20000 
Reliability =255 
MTU = 1500 






On BB2 

BB2(config)*ip route 160.1.112.0 255.255.255.0 nullO 

BB2 (con figure Liter cigrp 200 

BB2(config-routcr)#dctkuk- metric 1500 20000 255 1 1500 
B B 2 (co n fig-ro utar)# red is tribu tc static 

To verify the configuration: 

On R2 

R 2- Show in route cigrp 200 
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[60.1.0.0/24 is subletted, 1 subnets 

DEX 160.1.112.01138/51225601 via HLL1 12.112, 00:00:59, F as (El heme 10/ 
151.1.0.0/24 is sub netted, 1 subnets 

D EX 151.1.112.0 IBS/1305601 via 10.1.112.112, 00:05:31, FastEtliemel(>/(> 
150.1.0.0/24 is subnetted, 4 subnets 

D 1 5(1 1.1110 [95 130560] via 10. 1 .1 1 2.1 1 2, 00:20: 14, FastEthcrnctO 

Note the default -metric command ONLY affects the static and other redistributed 
routes but NOT the connected. 






Task 16 

Configure BB2 such that it ONLY advertises routes that arc redistributed and connected 
networks that arc advertised in Eigrp routing protocol. You should NOT use any global 
€ on iigu ration command as part of the solution to accomplish this task. 






On BB2 

B B2 (con fig)* Router eigrp 200 

BB2(config-rautcr)neigrp stub connected static 

To verify the configuration: 

On R2 

R2 s Sho\v ip route eigrp 200 

160.1.0.0 24 is subnetted, I subnets 
D EX 160.1.112.0 [138/5122560] via 10. 1.1 12.1 12, 00:01:02, FastEthcrnctO/0 

151. 1.0.0/24 is subnetted, 1 subnets 
D EX 151.1.112,0 [138/130560] via 10.1.112.112,00:00:05, FastEthcrnctO/0 

150.1.0.0/24 is subnetted, 4 subnets 
D 150.1.1 12.0 [95/130560] via 10.1.1 12.1 12,00:01:02, FastEthcrnctO/0 

Note the directly connected and ALL redistributed routes are advertised to R2. 
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[ask 17 

Configure R5 NOT to log changes in E1GRP neighbor adjacency, 






By default Eiyrp logs changes in Eigrp neighbor adjacencies. If this is not needed, 
this feature can he disabled using the following configuration: 

On R5 

R 5 icon figure utcr eigrp 400 
R5(config-routcr)#NO eigrp log-neighbor-changes 






Task 18 

Configure R6 to log neighbor warning messages for the Eigrp 400 and repeat the warning 
message every 5 minutes. 






To enable the logging of "Eigrp neighbor warning messages'' you must enter "eigrp 
log- neighbor-learnings" command under the router eigrp process. This naming 

message can be repeated based on the number of seconds configured. 

By default, neighbor naming messages are logged. If this behavior needs to be 

changed, then "no eigrp log-neighbor-iiarning'" message must be used. 

On R6 

R6 (c o n fig-s ub if )#ro utcr eigrp 4 

R6 ( co nfig-ro Liter)?* eigrp log -neigh bor-ii a rning 3 0(1 






Task 19 

Configure R3 to add 50 to the composite metric of all routes received through it's SO 1 
interface from router R I . 






The following slums the composite metric of all the mutes received from Rl: 
Rjr^Show ip route eigrp 300 
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1.0.0.0/8 is variably subncttcd, 2 subnets. 2 masks 
D 1.1.0.022 [9 0/2297 8 5 6] v ia 1 . 1 . 1 00 . 1 , 00:0*2 8 , Serial 1 
D I.I.I. 0/24 [90/229 7 8 5 6] j via 10 . 1 . 1 . 1 , 00 :04:2 8 , ScrialO/ 1 

IO.O.O.G'8 is variably subncttcd. 9 subnets. 2 masks 
D I ft 1 . 1 4.4/32 [90.4729856] via 10. 1. 100. 1 , 00:04:28, ScrialQ-i 
D 10. 1.14.0/24 [90/4729856] via 10. 1. 100. 1 , 00:04:28, ScrialO/1 
D 10.1.12.0/24 [90/2681856] via 10.1. 100.1,00:04:28, ScrialO/i 
D 10.1.2.0/24 [90/2684416] via 10.1.100.1, 00:04:28, ScrialO' 1 
D 1 0. 1 .4.0 '24 [90/47324 1 6 J via 10. 1 .100. 1 , 00:04:28, ScrialO/ 1 

150. 1 .0.0/24 is subncttcd, 3 subnets 
D 150.1.4.0 [90/4857856] via 10.1.100.1, 00:04:28, ScrialO.i 
D 150. 1.2.0 [90/2809856] via 10.1.100.1,00:04:28, ScrialO.i 

I i) configure Khirp to add 50 to tin. 1 existing cum po situ metric: 

On K3 

Offset-list can be configured to reference an access-list, which references a 
network's. If the offset -list references "0" instead of an access-list number, the offset 
value applies to all the mutes received through the specified in ted ace. In this case 

SO ' 1 . 

R3(config)#routercigrp 300 

R3 (c on fig- router)* offset -list in 50 SO/1 

'1'n verify the configuration: 

On K3 

R3*Sh ip route cigrp 300 

1.0.0.0/8 is variably subncttcd, 2 subnets, 2 masks 
D 1. 1 .0.0 22 [90 2297906] via 10. 1.100.1, 00:00:1 6, ScrialQi 
D 1. 1 .1.0/24 [90/2297906] via 10. 1.100.1, 00:00:1 6, ScriaRTi 

10.0.0.0'S is variably subncttcd, 9 subnets, 2 masks 
D 10. 1 .14 4/32 [90*4729 906] via 10.1.1 00. 1 , 00: 00: 1 6, ScrialO-'' 1 
D 10.1. 1 4. 0' 24 [ 9 47 2 9 9 6 ] v ia 1 . 1 . 1 00 .1,0 0: 00:16, ScrialO-' 1 
D 10.1.12.0/24 [90 2681906] via 10.1.100.1,00:00:16, ScrialO.-' 1 
D 10. 12.0/24 [90 2684466] via 10. 1.100.1 , 00:00:16, ScrialO/1 
D 10. 1.4.0/24 [90 4732466] via 10.1.100.1, 00:00:16, ScrialO' 1 

150.1.0.0/24 is subncttcd, 3 subnets 
D 150. 1.4.0 [90 4857906] via 10.1.100.1,00:00:16, ScrialO/1 
D 1 50. 1.2.0 [90 2809906J via 10.1. 100. 1,00:00: 16, ScrialO.i 
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Note a cost of 50 is added to the composite metric of all routes received through SO/1 
interface. 



Task 20 

Configure R4 to perform a mutual redistribution between AS 300 and 400. 



On K4 

R4(config)#ro utcr cigrp 400 
R4(config-routcr)#redistribute eigrp 300 

R4(config-routcr)#routcr cigrp 300 
R4(config-routcr)n : redistribute eigrp 400 

To tt'st the eonfisniration: 

On R2 

R2r ! Sho\v ip route cigrp 300 

1.0.0. (122 issubnetted, 1 subnets 
D 1. 1.0.0 [902297856] via 10.1.12.1, 03:36:16, ScrialO/0.21 

IO.O.O.G'8 is variably subnet ted, 13 subnets, 2 masks 
D 10. 1.14.4 32 [90/4729856] via 10.1.12.1, 00:36:16, ScrialO/0.21 
D 10. 1.14.0.24 [90/4729856] via 10. 1.12 J, 00:36:16, ScrialQ/0.21 
D IQ.1.1 3. 3 32 [90/4729856] via 10. 1. 12.1 , 00:36: 1 6, SerklQ/0.21 
D 1 0. 1.13. 0/24 [90/4729856] via 10. 1.12.1, 00:36: 1 6, ScrialO/0.21 
D 10. 1.3.0 24 [90/2684416] via 10.1.12.1, 00:05:09, ScriaKl'0.21 
D 1 0. 1 .4.0/24 [90/47324 1 6 J via 10. 1 .12.1 , 00:36: 1 6, ScriaKl''0.2 1 
D EX 10.1.46.0/24 [170/5241856] via 10.1.12.1, 00:00:59, ScrialO'0.21 
D EX 10.1.45.0/24 [170. 8583936] via 10.1.12.1,00:00:59, ScriaKl''0.21 
D EX 1 0.1.56.0/24 [170/5244416] via 10.1.12.1, 03:00:59, ScriaKl''0.21 
D 1 0. 1 . 1 00.0 24 [90/268 1 856J via 1 0. 1.12.1, 00: 1 5:34, ScrialO-0.21 

150. 1 .0.0/24 is subnetted, 6 subnets 
D EX 150.1.6.0 [170/5369856] via 10.1.12.1, 00:00:59, ScrialOO.21 
D EX 150.1.5.0 [170/53724 16] via 10.1.12.1, 00:01:00, Serial 0/0.21 
D 1 50. 1.4.0 [90/4857856] via 10.1 . 12. 1, 00:36:17, ScrialMUl 
D 150. 1.3.0 [90/2809856] via 10.1 . 12. 1, 00:05:10, Scriaia'0.21 
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Task 2 1 



Configure R2 to inject a detank route into AS 200; you should NOT configure any global 
configuration command as part of the solution to accomplish this task. 



On R2 

R2(config)#intfO/0 

R2iconfig-if)#ip summary -address eigrp 2(H) 0.0.0.0 0.0.0.0 



To verify the configuration: 



On BB2 

BB2#Show ip route eigrp 

D* 0.0.0.0 [95 5120] via 10. 1 .1 12.2, 00:01:05, FastEthcrnctO 



task 22 

Configure Rl to perform a mutual redistribution between AS 100 and AS 300, in the 
future there will be another redistribution point, this router should be configured to 
prevent feed back routes when the second redistribution point is added. 



The routing table of RBI is checked before the configuration: 

BBl#Sh ip route cigrp 

150.1.0.0/24 is subnetted, 2 subnets 
D 1 50. 1.1.0 [90/85248] via 1 0. 1 . 1 1 1 . 1 r 00:49:49, FastEthcrnctO. 



On Rl 

Rl(config)#Route-map 100-300 den\ 10 
Rl(config-routc-map)#match tag 300 
R 1 (c o n fig )£ Ro u t c- map 1 (I- 3 (I (I pcrmjllQ- 
Rl (con fig-route* map )#set lag 100 

R 1 (c o n figJ#Ro u tc- map 30 0- 1 00 de in 10 

Rl (con fig-route- map)* match tag 100 
Rl(config)#Routc-map 300-100 permit 20 
Rl(config-routc-map)"Set tag 300 *" 




Note tag 100 is set and 
then denied in the other 
mute-map 



The same is performed for tag 300 
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Rl (config-routc-map)r*rautcr cigrp 100 

R] (config-routcr)f*rcdistributc cigrp 300 mute-map 300-100 

R 1 ( c o n ilg-ro u t cr ) U Res ut cr cigrp 3-0 

Rl (confignroutcr)# red is tribute cigrp 100 route-map 100-300 

'i'o verify the configuration: 



On BB1 

BBl^Show ip route cigrp 

1 .0.0.0' 8 is variably sub net ted. 5 subnets. 2 masks 

D EX 1 .1.0.O/24 [170/85248] via 10.1.11 1. !, 00:00:37, FastEthcrnctO 

D EX 1 . 1 .0.0/22 [170/85248] via 1 0. 1. 1 1 1 . 1, 00:00:37. FastEthcrnctOO 

D EX 1 .1.1.0/24 |170/85248] via 10. 1.1 1 1 . 1, 00:00:37, FastEthcrnctO 

D E X 1.1 2.0/24 [ 1 70/8 524 8 ] v ia 1 . 1 . 1 1 I . I , 00 : 00 : 3 7 , Fast E t h crnct .0 

D EX 1.1 .3.0 24 [170/85248] via 10. 1. 1 1 1 . 1, 00:00:37, FastEthcrnctO. 

10.0.0.0/8 is variably subnetted, 13 subnets, 2 masks 

D EX 1 0.1.14.4/32 [170/85248] via 10.1.111.1, 00:00:37, FastEthcrnctO 

D EX 1 0.1. 14.0/24 [170/85248] via 10.1. 1 1 1.1, 00:00:37, FastEthcrnctO 

D EX 10.1. 1 3.3, 32 [170/85248] via 10.1.11 1.1, 00:00:37, FastEthcrnctO 

D EX 1 0. 1 . 1 3.0/24 [170/85248] via 1 0. 1 . 1 1 1 . 1 , 00:00:37, FastEthcrnctO 

D EX 1 0. 1 .12.0/24 [170/1657856] via 10. 1.111.1, 00:00:37, FastEthcrnctO 

D EX 1 0. 1 .3.0 24 [170/1657856] via 10. 1 .1 1 1.1,00:00:37, FastEthcrnctO. 

D E X 10. 1 .2 . 0/24 [ 170/ 1 6 5 7 8 5 6] via 1 . I . I I 1 . 1 , 00 : : 3 7 , FastE t her nctO/0 

D E X 10.1 .4.0/24 [ 170/8 524 8 ] v ia 1 . 1 . 1 I 1 . 1 , 0:0 : 3 8 , FastE .thcmctO/0 

D EX 1 0.1 .46.0/24 [170i657856] via 1 0. 1 . 1 I ! . 1 , 00:00:38, FastE thcrnct 0/0 

D EX 1 0.1 .45.0/24 [170.4999936] via 10.1.111.1, (11:00:38, FastEthcrnctO 

D EX 1 0.1. 56.0/24 [170/1657856] via 1 0. 1 . 1 1 1 . 1 , (11:00:38, FastE thcrnctO/0 

D EX 1 0.1.100.0/24 [170/1657856] via 10.1.1 1 1.1, 00:00:38, FastE thcrnctO/0 

150. 1 .0.0/24 is sub net ted, 7 subnets 

D EX 150. 1 .6.0 [ 170/ 1 657856] via 10.1. 11 1.1, 00:00:38, FastEthcrnctO 

D EX 150. 1 .5.0 [ 170/1 657856] via 10.1 .111.1, 00:00:38, FastEthcrnctOO 

D EX 1 50. 1 .4.0 [ 170/85248] via 10. I . I I 1 . 1 , 00:00:38, FastE thcrnctO-'O 

D EX 150. 1.3.0 [ 170/1 657856] via 10. 1 . I i I . I, 00:00:39, FastE thcrnctO/0 

D EX 150.12.0 [170/1657856] via 10.1.11 1.1, 00:00:39, FastEthcrnctOO 
D 1 50. 1. 1.0 [90/85248] via 10.1.11 1. 1 ,00:53:22, FastEthcrnctO. 

On K6 

R 6* Show ip route 

1. 0.0.0.' 8 is variably sub net ted. 5 subnets. 2 masks 
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D EX 1 .1 .O.0'24 [170/4857856J via 10.1 .46.4 00:1 6:1 5, ScrialO/0.64 






D E X 1 .1 .0.0 22 [1 70/4 857856J via 10.1.46.4, 00:16:15, SerialO/0 .64 






D E X 1.1.1. 24 [1 70/4 8 5 7 8 5 6 J via 1 . 1 . 46 . 4 0: 1 6 : 1 5 , Sen alO/'O .64 






D E X 1.1.2. 024 [ 1 70/4 8 5 7 8 5 6 J via 1 . 1 . 46 . 4 00: 1 6 : 1 5 , Scrial0/0 .64 






D E X 1.1.3. 024 [ 1 70/4 8 5 7 8 5 6 J via 1 . 1 . 46 . 4, 0: 1 6 : 1 5 , ScrialO/0 .64 






10.0.0. 0'8 is variably subnetted, 13 subnets, 2 masks 






D EX 1 0. 1 . 1 4. 1/32 [170/4729856] via 1 0. 1 .46.4, 00: 16:15, ScrialO'O. 64 






D EX 1 0.1.14.0/24 [170/4729856] via 10.1.46.4, 00:16:15, Serial0/0.64 






D EX 10.1.133/32 [170/7289856] via 10.1.46.4, (11:16:15, ScrialO'O. 64 






D EX 10.1.1 3.0 24 [170/7289856] via 10.1.464, (11:16:15, ScrialO'O. 64 






D EX 1 0.1.12.0/24 [170/5241856] via 10.1.46.4, 00:16:15, ScrialO/0.64 






D EX 1 0. 1 .3.0'24 [ 170/52444 1 6] via 10. 1 46.4, 00: 1 6: 1 5, ScrialO/0.64 






D EX 1 0.1 2.W24 [ 170/52444 1 6] via 10. 1 .46.4, 00: 16:15, ScrialO/0.64 






D E X 1 . 1 .4 . 0'24 [ 170/2 1 7 24 1 6] v ia 1 . 1 4 6 . 4, 00: 1 6 : 1 6 , Seria 10/0 .64 






D 10. 1 .45.024 [90/2 1 724 1 6] via 1 0. 1.56.5, 02:39:08, FastEthcrnctO/0 






D EX 10.1.1 1 1.0/24 [170/4732416] via 10.1.464, 00:01:52, Serial 0/0. 64 






D EX 10.1.100.0/24 [170/5241856] via 10.1.46.4, 00:16:16, ScrialO/0.64 






150.1.0.0/24 is subnetted, 6 subnets 






D 150.1.5.0 [90/156160] via 10.1.56.5,02:39:08, FastEthcrnctO/0 






D EX 150.14.0 [170'2297856] via 10.1.46.4, 00:16:16, ScrialO/0.64 






D EX 150.1.3.0 [170/5369856] via 10.1.46.4, 00:16:16, ScrialO'0.64 






D EX 150.1.2.0 [17Q.'5369856j via 10.1.46.4, 00:16:16, ScrialO/0.64 






D EX 150.1.1.0 [170.4857856] via 10.1.46.4, 00:01:54, ScrialO/0.64 






This method is one of the most effective methods used nhen redistribution betxveen 






different routing domains occur. In this method, the routes are tagged as they are 






redistributed and the tags are denied when they are redistributed back. 




Task 23 


Erase the startup configuration and reload the routers before proceeding to the next lab. 
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Lab 2 - Advanced EIGRP Stub Configuration 



10.1. 12 2, '24 




A/ 



SO.' 0.41 




H 



SQ'0.12 10. 1.1 2.0 .'24 
SO.' '0.1 3 10.1.13.0 .'24 
SO'0.14 10.1.14JO/24 




10.1.13.3 .'24 



SO.' 0.31 




SO.' "0.45 13.1.45.4:24 



405 




504 



SO.' 0.54 13.1 .4 5. 5. '24 




L.al* Set up: 



• Configure all frame-relay connections in a point-to-point sub- interface manner. 

• Use the IP addressing chart below tor IP address assignment 
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II* Addressing: 



Router 


Interface / IP address 


Cnnneetin" to router: 


R] 


SO/0.12-10.1.12.1/24 
SO/0.13-10.1.13.1/24 

SO '0.14- 10.1.14.1 '24 
Loopback 0-1.1.1.1/24 


R2 
R3 
R4 


r: 


SO 0.21 - HI I.I 2.2 24 


R I 


R3 


SO 0.31 -10.1.13.3 24 


R] 


R4 


SO 0.41 -10. 1. 14.4/24 
SO 0.45- 10.1.45.4 24 


Rl 
R5 


R5 


SO/0.54-10.1.45.5/24 
Loopback 2 -2.2.2.2/24 
Loopback 3 -33.3.3/24 


R4 



1 ask I 

Configure OSPF area on the following routers' interfaces; ensure that the loopback 
interfaces arc advertised with their correct mask: 



Router 


1 ntert'aee 


R4 


SO U.4f 


R5 


SO/0.54 
Loopback 2 
Loopback 3 



On R4 

R4 (c o n fig)#ro titer o sp f I 
R4i;config-routcr)#nctw 1 0. 1.45.4 0.0.0.0 area 

On R5 

R5(config)#int ta2 

R 5 (con fig- if)r#i p o sp f nctw po in t-to -no i nt 

R5(config-if)#int lo3 

R 5 ( c o n fig- if)#i p o sp f nctw po in t-to -po i nt 

R5(config)#routcr ospf 1 
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R5i;contlg-routcr)#nct\v 10.1.45.5 0.0.0.0 area 
R5(conflg-roLitcr)#nct\v 2.12.2 0.0.0.0 area 
R5(conflg-routcr)#rictw 3.3.3.3 0.0.0.0 area 



To verify the configuration: 



On R4 

R4r*Shcnv ip route ospi" 

2 .0.0. 0/24 is subnetted, 1 subnets 
2.2J2.0 [110/65J via 10.1.45.5, (30:01:18, Serial 0.45 

3.0.0.0'24 is subnetted. I subnets 
3.3.3.0 [110/65] via 10.1.45.5, 00:01:18, ScrialO'0.45 



Task 2 

Configure Eigrp 100 on the following routers' interlaces, disable auto summarization: 



Router 


Interface 


Rl 


SO 0.12 
SO 0. 1 3 
SO 0. 1 4 
Loopback 


r: 


SO 0.21 


R3 


SO 0.3 1 


R4 


SO 0.41 



On Rl 








Rl (conflg)#routcr eigrp 
R I ( c o n tig -r o u ter)# no aL 
R 1 feontlg-routcr)r*nct\v 
R 1 ( c o n tlg-ro u t cr ) S net w 
R 1 (c ontlg-rou tcr)#net\v 
R 1 (contlg -router)?* nctw 


1 00 

10.1.12.10.0.0.0 
10.1.13.10.0.0.0 
10.1.14.10.0.0.0 
I.I. 1.1 0.0.0.0 


On R2 
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R2(cont"ig)r#roLUcrcigrp 100 
R2 (con fig -router)?* no au 
R2(contlg-routcr)r*nctw 10.1.12.2 0.0.0.0 

On K3 

R3 (configure Liter cigrp 100 

R3(conflg-routcr)r*no sli 

R .3 (c o n fig-ro u tcr)#nctw 10.1.13.3 0. 0.0. 

On K4 

R4 (c o n fig)#ro liter cigrp 1 00 
R4(conflg-routcr)#no au 
R4(config-rautcr)#nctw 10. 1. 14.4 0.0.0.0 

To verify the configuration: 

On K4 

R4#Show ip mute cigrp 

1 .0.0.0/24 is subnetted, 1 subnets 
D 1.1.1.0 [90/2297856] via 10.1. 14.1, 00:04:29, SerialO/0.41 

10.0.0.0.24 issubnetted, 4 subnets 
D 10.1.13.0 [90/268 1856] via 10.1.14.1, 00:14:24, ScrialQ'0.41 
D 1 0.1. 12.0 [90:268 1856J\ia 10.1. 14. 1,00: 14:24, Scnaia0.41 

On K3 

R3**Shtnv ip route cigrp 

1.0.0.0/24 issubnetted, I subnets 
D L 1.1 jQ [90,2297856] via 10.1.13.1,00:03:58, SerialO/0.31 

10.0.0.0/24 issubnetted, 3 subnets 
D 10. 1.14.0 [90/2681856] via 10.1. 13. 1, 00:14:48, SerialQttJI 
D 10. 1.12.0 [90/2681856] via 10.1.13. 1, 00:14:48, ScrialO/0.31 

On R2 

R2**Sho\v ip route cigrp 

1.0.0.0/24 issubnetted. 1 subnets 
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D 1. 1. 1.0 [.90 2297856] via 10.1.12.1, 00:03:08, ScrialO/0.21 

10.0.0.0 24 is subnet ted. 3 subnets 
D 10. 1.14.0 [90 268 1856] via 10.1.12. I, 00:15:16, Scriaia'0.21 
D 10. 1 . 1 3, [90 268 1 856; via 10.1 . 12. 1, 00: 1 5: 1 6, ScrialO/0.21 



Task 3 

Configure mutual redistribution between OSPF and E1GRP on R4: use a mctrie of your 
choice. 



On R4 

R4(config)#routcrospf 1 
R4(config-routcr)#rcd is tribute cigrp 100 subnets 

R4 (c o n figure u ter cigrp 1 
R4fct)nfig"routcr')f*rcdistributc ospf I metric I 1111 

To verify the configuration: 

On R5 

R5f* S ho w ip ro utc sp f 1 nc 

O E2 1.1.1.0 [110/20] via 10. 1.45.4, 00:06:00, ScrialO/0.54 

E2 10.1.14.0 [110/20] via 10.1.45.4, 00:07:39, ScrialO/0.54 

E 2 1 . 1 . 1 3 .0 [ 1 1 0/20 ] v ia 1 . 1 .45 .4, 00 : 7 : 3 9 , ScrialO/0 . 54 

O E2 10.1.12.0 [110/20] via 10.1.45.4, 00:07:39, ScrialO. 0.54 

On Rl 



Rl#Show ip route cigrp 

2.0.0.0/24 is subnetted, I subnets 
D EX 222.0 [170.2560512256] via 10.1. 14.4, 00:0 1:00, Scrial0/0.14 

3.0.0.0.24 is subnetted, I subnets 
D EX 3.3.3.0 [170/2560512256] via 10.1 . 14.4, 00:01:00, Serial0/0.14 

10.0.0.024 is subnetted, 4 subnets 
D EX 10.1.45.0 [1702560512256] via 10.1.14.4,00:01:00, ScrialO'0.14 
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On K2 

R2f*Show ip route cigrp 

1.0.0.0'24 is subnetled, 1 subnets 
D 1. 1. 1.0 [90-2297856] via 10.1 .12.1, 00:07:33, ScrialO 1021 

2.0.0.0/24 is subnetled, 1 subnets 
D EX 2.2.2.0 1170/25610242561 via 10.1.12.1, 00:01:51, SerialO/0.21 

3.0.0.0/24 is sub netted, 1 subnets 
D EX 333.0 1170/25610242561 via 10.1.12.1, 00:01:51, Seria 10/0.21 

10.0.0. 0'24 is subletted, 4 subnets 
D 1 0. 1.14. [90,268 1 856] via 10. 1. 12. 1 , 00: 1 9:4 1 , ScrialO/0.21 
D 10. 1.13.0 [90 268 1856] via 10. 1.12. 1,00:1 9:4 1, ScrialO/0.21 
D EX 1 0. i .45.0 [ 170/256 1 024256] via 10.1.12.!, 00:0 1:51, ScrialO, 0. 2 I 

On R3 

R3ffShow ip route cigrp 

1 .0.0.0/24 is subnetled, I subnets 
D 1. 1.1.0 L 90/2297856] via 10.1.13.1,00:10:45, ScriaK)/0.31 

2.0.0.0/24 is sub netted, 1 subnets 
D EX 2.2.2.0 |170.'25610242561 via 10.1.13.1, 00:05:02, SerialO/0.31 

3.0.0.0/24 is subnetled, 1 subnets 
D EX 333.0 1170/25610242561 via 10.1.13.1, 00:05:02, Serial0/0.31 

10.0.0. 0'24 is subnetled, 4 subnets 
D 10. 1.14.0 [90 268 1856] via 10.1.13.1,00:21:34, Scrialtt'0.31 
D 10. 1.12.0 [90/2681856] via 10.1.13.1, 00:21:34, ScrialO/0.31 
DEX I 0.1.45.0 [170 2561024256] via 10.1.13.1, 00:05:02, ScrialO 0.31 



Task 4 

Configure "Eigrp stub" on Rl such that it ONLY advertises it's directly connected 
interfaces that are advertised with a "network 1 ' command to its Eigrp neighbors. 



On Rl 

R I (c o n figjftl ro u t cr cigrp 10 

R 1 (c o n fig-ro liter) # ei g rp stub con netted 

To verify the configuration: 
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On R2 

R2#Show ip route eigrp 

1.0.0.0/24 is sub netted, I subnets 
D 1. 1 .1.0 L90 2297856J via 10.1.12.1,00:02:01, Scria 10/021 

10.0.0.024 issubnetted, 3 subnets 
D 10. 1.14.0 [902681856] via 10.1. 12. 1, 00:02:01, ScrialO/021 
D 1 0. 1 .1 3.0 [90268 1 856] via 10.1.12.1, 00:02:01, Scriaia'0.21 

On K3 

R3"Sho\v ip route cigrp 

1.0.0.024 issubnetted, I subnets 
D 1. 1 . 1 .0 L 902297856' via ! 0. 1. 1 3.1 , 00:02:41, ScrialO/021 

10.0.0.0/24 is subnet ted, 3 subnets 
D 1 0. 1.14.0 [90/268 1 856J via 10.1 . 13. 1, (K):02:41 , ScrialO/0.31 
D 1 0. 1 .12.0 [90/268 1 856] via 1 0.1 . 13. 1, 00:02:41 , ScriaKHUl 

On Rl 



R Iff Show ip route cigrp 

2. 0.0. 024 is subnetted, I subnets 
D EX 222.0 [170 256051 2256J via 10.1.14.4,00:03:25, ScrialO/0.14 

3.0.0.024 is subnetted, I subnets 
D EX 3.3.3.0 [170/2560512256] via 10.1 . 14.4, 00:03:25, ScrialO/0.14 

10.0.0.024 is subnetted, 4 subnets 
D EX ! 0.1.45.0 [1702560512256] via 10.1.14.4,00:03:25, ScrialO/0.14 

Note R2 and R3 do NOT get the redistributed routes, because of Rl's "stub 
connected'" configuration. 



Task 5 

Configure Rl such that routers R2 and R3 have networks 222.0 24 and 3.3.3.0 24 in 
their routing table. DO NOT remove the "Eigrp stub connect cd" configuration from R I to 
accomplish this task. 



To accomplish this task a "leak-map" is referenced in the '"Eigrp stub connected' 
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command. The leak-map references, a route-map called "TST'\ the route-map 
references an access-list. Any IP addresses that are permitted in the access-list is 
leaked along the connected networks. 

On kl 



Rl(config)#acccss-list 1 permit 2.2.2.0 0.0.0.255 
Rli;config)#acccss-list 1 permit 3.3.3.0 0.0.0.255 

R 1 .(c o n fig )#ro utc- map TST permit 10 
Rl I' con fig-route- map) rematch ip addr 1 

Rl (config)#routercigrp 1 00 

Rl(config-routcr)#ei|jrp stub connected leak-map TST 

To verify the configuration: 

On R2 

R2f*Show ip route cigrp | Ine EX 

D EX 2.2.2.0 [170/256 1024256] via 10. 1 .12. 1, 00:04:29, ScrialO/0.21 
D EX 33.3.0 [170/2561024256] via 10. 1.12. L 00:04:29, ScrialO/0.21 

On 1*3 

R3#Show ip route cigrp lnc EX 

D EX 222. [170/256 1024256] via 1 0. 1 . 1 3. 1, 00:00: 1 3, ScrialO/0.3 1 
D EX 3.3.3.0 [170/2561024256] via 10. 1.13. 1, 0000:13, ScrialO/'0.3I 

Note both R2 and R3 have both networks 2.2.2.0 24 and 33.3.0 24 in theii 
routing table. 



Task 6 

Reconfigure Rl such that R2 gets network 2.2.20 /24 and R3 gets network 33.3.0 .24 
ONLY. EX) NOT remove tbc"Eigrp stub connected" configuration from Rl to 
accomplish this task. 
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The access-list and the route-map TST should he removed before proceeding 
further: 

On kl 



Rl(config)#\0 access-list 1 
Rliconfig)nN() route- map TST 

We should identify the two networks using two access-lists, in this case access-list 2 
permits network 2.2.2.0 .'24 and access-list 3 permits network 33.3.(1 .'24: 

Rli;config)#acccss-list 2 permit 2.2.2.0 0.0.0.255 
Rl(config)#acccss-list 3 permit 3.3.3.0 0.0.0.255 

The next step is to configure a new route- map as follows: 

Rl(config)#ro utc-map TST permit 10 

R 1 (c o n fig-route- map )# match ip addr 2 
Rl (con fig-route- map )#match inter SO/0. 12 

R 1 (c o n fig-ro u to map )# route- map TST permit 20 
R 1 (c a n fig-ro u t c- map )# mate h ip ad d r 3 
R 1 (c o n fig-ro u t c- map )#matc h in tcr S0/0 . 1 3 

Note the route-map is already referenced by the leak-map. 
To verify the configuration: 

On R2 

R2"Sho\v ip route cigrp Inc EX 

D EX 2.2.2.0 [170/256 1024256] via 10. 1 .12. 1, 00:03:1 6, Scrial0/021 

On K3 

R3"Sho\v ip route cigrp Inc EX 

D EX 3.3.3.0 [170/256 1024256J via 10. 1.13. K 00:03:43, ScrialO/0.31 
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Task 7 

Erase the startup configuration and reload the routers before proceeding to the next lab. 
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Lab 3 - Eigrp & Default-information 



L02-4 





., 



SO; 0.32 .3 




Lab Setup: 

> Configure all frame-relay connections in a point-to-point manner. 

> Use the IP addressing and DLC1 chart below. 

IP aildrL'ssin": 



Router 


1 nt erf a c e / IP ad d ress 


DLC1 assignment 


RI 


SO 0.12 =10.1.12.1/24 
Loopback2 =2222 B 
Loopback3 = % 3 % 1 /8 
Loopback4 =4.4.4.4 S 


102 


R2 


SO/0.21 =1(1.1.12.2/24 
SO/0.23 =10.1.23.2 -24 


2(91 
203 


R3 


SO 0.32 = 10.l.">3.3 ^4 


302 
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Task 1 

Configure Eigrp on all routers and advertise their directly connected interfaces in AS 100. 
Rl should NOT advertise network 4.0.0.0 .'8 in this routing protocol. 



On Rl 

R 1 (e o n figj# Ro u t cr eigrp 1 00 

Rl (config-routcr)#no au 

Rl i;config-roLitcr)#nctw 2.2.22 0.0.0.0 

R 1 fc o n fig-ro u tcr)#nctw 3 . 3. 3 .3 . 0. 0. 

Rli;config-routcr)^nct\v 10.1.12. 1 0.0.0.0 

On R2 

RZfconfig^Router eigrp 100 
R2iconf]g-routcr)r*no au 
R2i;coni1g-roiitcr)#nct\vork 10. 1. 12.2 0.0.0.0 
R2i;config-router)#nct\vork 10.1.23.2 0.0.0.0 

On R3 

R3 (e o n fig)#Ro u t cr eigrp 1 00 
R3(cont1g-routcr)T#no au 
R3i;config-router)#nctwork 10.1.23.3 0.0.0.0 

In verify the configuration: 

On Rl 

Rl#Show ip route eigrp 

1 0.0.0. Q'24 is subnet ted, 2 subnets 
D 10.1.23.0 [90 268 1856 J via 10.1.12.2,00:01:55, ScrialO/0.12 

On R2 

R2#ShpjW ip route eigrp 

D 2.0.0.0 8 [90/2297856] via 10.1. 12.1, 00:02:21, ScrialO/021 
D 3.0.0.0 8 [90 2297856] via 10.1. 12. 1, 00:02:21, ScrialO/0 2\ 

On R3 



COE R&<> by Narbik Kuchariuiw Adt unced OOE R&S Work Book 2.11 Page 439oflQ68 

C2009 Narbik Kucha rianx All rqi lib reserved 



R3~Show :p route eigrp 

D 2.0.0.0/8 [90-2809856] via 10. 1.23.2, 00:01:57, SeriaKX'0.32 
D 3.0.0.0/8 [90-2809856] via 1 0. 1.23.2, 00:01:57, SeriaKl'Q.32 

10.0.0.0/24 is subnetted, 2 subnets 
D i 0.1. 12.0 [90,2681856] via 1 0.1.23. 2, 00:01:57, Serial0/0.32 



Task 2 

Configure Rl such that R2 and R3 use network 2.0.0.0 .-'8 as candidate default. 



On Rl 

RJ(config)Hp default -net work 2.0.0.0 
To verify the configuration: 

On Rl 

Rl-Sh ip route 2.0.0.0 

Routing entry for 2.0.0.0/8 
Known via "connected", distance 0, metric (connected, via interface), candidate default path 

Redistributing viaeigrp 100 
Routing Descriptor Blocks: 
* direct ly connected, via Loopback2 
Route metric is 0, traffic share count is I 

R l~Show ip route B Gate 

Gateway of last resort is not set 

C* 2.0.0.0/8 is directly connected. Loopback2 

C 3.0.0.0 8 is direct a - connected. Loopback3 
C 4.0.0.0 R is directly connected, Lonpback4 

10.0.0.0/24 is subnetted, 2 subnets 
C 1 0. 1 . 1 2.0 is directly connected, SerialO'O. 12 
D 10.1.23.0 [90/2681*856] via 10.1.12.2, 00:05:13, SerialO/O.1 2 

On R2 
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R2#Sho\v ip route cigrp 

D* 2.0.0.0/8 (90/22978561 via 10.1.12.1, 00:00:4 1, SerialO/1.21 
D 3.0.0.0/8 [90/2297856] via 10.1.12.1,00:07:55, ScrialO/1.21 

Note the asterisk reveals that R2 is using that network as the candidate default. 

On K3 

R3*Sh ip route ci^rp 

D* 2.0.0.0/8 [90/2809856] via 10.1.23.2, 00:00:23, ScrialO'0.32 
D 3.0.0.0/8 [90/2809856] via 1 0, ! .23.2, 00:0 1 :39, ScrialO/0.32 

10.0.0.0/24 is subnet ted 2 subnets 
D 10. 1.12.0 [90/268 1 856] via 10.1.23.2, 00:01 :39, Scrialtt'0.32 

To test the utnfiauration: 



On R2 



R2*Ping 4.4.4.4 



Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echos to 4.4.4.4, timeout is 2 seconds: 



Success rate is 10(1 percent (5/5), round-trip min/avg'max = 8/26/60 ms 
To verify thi? configuration on K3: 
R3"Sho\v ip route cigrp 

D* 2.0.0.0/8 190/28098561 via 10.1.23.2, 00:04:24, Serial0/1 J2 

D 3.0.0.0/8 [90/2809856] via 10.1 .23.2, 00: 10:39, ScrialO/ 1 .32 

10.0.0.0/24 is subnet ted, 2 subnets 
D 10.1.12.0 [90/2681856] via 10.1.23.2,00:10:39, Scriaiai.32 

R3*Ping 4.4.4.4 

Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echos to 4.4.4.4, timeout is 2 seconds: 



Success rate is 100 percent (5/5), round-trip min/avg max = 4 32 "92 ms 
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Task 3 

Configure R2 such that R3 docs NOT use network 2.0.0. :8 as the candidate default s R3 
should still have network 2.0.0.0 '8 in it's routing table. 



On K2 

R2(config)#ro utcr cigrp 100 

R2i;confjg-routcr)p ! >.0 default-information allowed out 

R2p ! Clcar ip cigrp neighbor 

Note the "NO defau It- in formation allowed out"" disables the redistribution of default 
route, meaning that R3 will no longer use network 2.0.0.(1 .'8 as its eandidate default, 
but it will still have that network in its muting table. 

To verify the configuration: 

On R2 

R2r*Show ip route cigrp 

D* 2.0.0.0/8 [902297856] via 10.1.12.1,00:00:25, ScrialO'lJl 
D 3.0.0.0/8 [90/2297856J via 10.1 . 12. 1, 00:00:25, ScrialO.i.21 

On K3 

R3#Show ip route cigrp 

D 2.0.0.0/8 [90/2809856] via 10.1.23.2, 00:01:04 ScrialO.i.32 
D 3, 0. .0/8 [ 90/2 80 9 8 5 6 J v ia 1 . 1 . 23 .2, 00 :0 1 : 04, S cri alO/' 1 .32 

10.0.0.Q'24 is subnetted, 2 subnets 
D 1 0. 1 . 1 2. [ 90/2 6 8 1 8 5 6 J via 1 . 1 .23 .2, 00 :0 1 :06 , Scrialtt 1 ' 1 . 32 

To test the configuration: 

On R3 

R3#Pmg 4.4.4.4 

Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echos to 4.4.4.4, timeout is 2 seconds: 
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Task 4 

Remove the command that was entered in the previous task on R.2. and configure R3 to 
accomplish the same task, if this configuration is performed correctly. R3 should NOT 
use network 2.0.0.0 .8 as the candidate default. 



To remove the command from R2: 

On R2 

R2(c onfig)#ro utcr cigrp 1 00 

R2iconfig-routcr)~ default-in formation alloued out 

R2#Clcar ip cigrp neighbor 

it) verify K2*s configuration: 

On R2 

R2#Sh run S router cigrp 

router cigrp 100 
network 10.1.12.2 0.0.0.0 
network 10.1.23.2 0.0.0.0 
no auto -summary 

Tu verify the configuration on K3 

On K3 

R3r*Show ip route cigrp 

D* 2.0.0.0/8 [90'2809856] via 10.1.23.2,00:00:58, ScrialQ'l .32 
D 3.0.0.0/8 [9Q.'2809856J via 10.1.23.2, 00:00:58, SerialO/1 .32 

10.0.0.0/24 issubnetted, 2 subnets 
D 10.1.12.0 [90 2681856] via 10.1.23.2,00:01:00, ScrialQT.32 

Note Ri uses network 2.0.0.0 /8 as candidate default. To eon fit! u re R3 to 
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accomplish the same (ask; 

On K3 

R3 (con figure utcrcigrp 100 

R3(eonfig-routcr)#NO default-information allowed in 

R3f* Clear ip eigrp neighbor 

Note from R3*s perspective it should disahle the redistrihution of the default 
route inbound, therefore, the direction of the command is configured inbound. 

Note if R2 enters the "no default -information allowed in", then R3 will not 
receive is either. 

To test and verity the configuration: 

On K3 

R3*Show ip route cigrp 

D 2. i). (1 .0/ 8 [9 0.2 809856] via 10. 1 232, 00:0238, SeridfV 1 . 32 

D 3.0.0.0/8 [902809856] via 1 0. 1 .23.2, 00:02:38, Scrialtt'l .32 

10.0.0.0/24 issubnetted, 2 subnets 
D 10.1.12.0 [90/268 1856J via 10.1.23.2,00:02:38, ScrialOi.32 



I ask 5 



Reconfigure the routers based on the following topology and IP addressing: 



Lo2r4 






10.1.1.0/24 
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Lab Setup: 

> Configure FO/0 interlace of the routers in VL AN 1 00. 
'fr Use the IP addressing chart below. 

IP addressing: 



Router 


Interface/ IP address 


RI 


FO/0 = 10.1.1.1 /24 
Loopback2 =2.22.2/8 
Loopback3 = 1 % 1 3 ,'B 
L a o pb ac k4 = 4 .4 .4 . 4 /8 


R2 


FMI = 10.1.1.2 ,24 


R3 


F0 = 10.1.1.3 24 



Task 6 

Configure Eigrp 1 00 on the routers and advertise their directly connected interlaces in AS 
100. Rl should NOT advertise network 4.0.0.0 /8 in this routing protocol. 



On Rl 






Rl (con fig- 
Rl (con fig- 
Rl (c on fig- 
Rl (con fig- 
Rife on fig- 


if)rrroutcr eigrp 100 
router)?* no au 
r o u t cr)finct wo r k 2. . . 
router)#Nctwork 3.0.0.0 
ro u tcr)#Nct wo rk 1 . 1 . I . 


0.0.0.0 


On R2 






R2(eonfig)#Routcr eigrp 100 
R2 (c o n fig-r o u t cr) # no au 
R2fconfig-routcr)#nctwork 10.1. 1.2 


0.0.0.0 


On R3 






R 3 (con fig) 


^Router eigrp 1 00 
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R3(config-routcr)#no au 
R3(config-routcr)#nctwork 10. 1. 1.3 0.0.0.0 

To verify the configuration 

On R2 

R2#Show ip route eigrp 

D 2. 0.0 .0,8 [90. 4 09600] via 1 0. 1 . 1 . 1 , 00: 1 5:2 1 , Et hcrnctO/0 
D 3. 0.0 .0/8 [90/4 09600 J via 10.1 . 1.1 , QO: 1 5:2 1 , Et hcrnctO/0 

On R3 

R3r*Show ip route cigrp 

D 2. 0. 0.0/8 [90/409600 J via 1 0. 1 . 1 . L 00: 1 5:0 6, Et hcrnctO/0 
D 3. 0.0 .0/8 [90/4 09600 J via 1 0. 1 . 1 . 1 , 00: 1 5:0 6, Et hcrnctO/0 

Note Rl should not have any Kigrp routes in its routing table. 






Task 7 

Configure Rl to advertise Network 2.0.0.0 '8 and Network 3.0.0.0 8 as candidate default 
in this routing domain. 






On Rl 

Rlleonfig)sip default-network 2.(1.0.0 
R](config)#ip default -network 3.0.0.0 

I o verify the configuration: 

On R2 

R2**Sho\v ip route cigrp 

D* 2.0.0.0/8 [90 4096001 via 1 0.1.1.1, 00:02:55, EthcmctO 
D* 3.0.0.0/8 [90 409600] via 1 0. 1. 1 . L 00:02:52, EthcrnctO/0 
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On K3 

R3#Show ip route cigrp 

D* 2.0.0.0/3 [90 409600] via 10. 1.1.1, 00:03:56, EthcrnetO/0 
D* 3.0.0.0/8 [90 409600] via 10. 1.1.1, 00:03:52, EthcrnctQ'O 

Note both R2 and R3 use networks 2.0.0.0 /8 and 3.0.0.0 ,'S as their candidate default. 



Task8 

Configure R2 and R3 such that R2 uses network 2.0.0.0 M and R3 uses network 3.0.0.0 /8 
as their candidate default. 



On R2 

To configure this task, an access-list is written to identify the network (Network 
2.0.0.0 .'8 in this case), then, the access-list is referenced in the "Default-information 
allowed in"" command, which tells the router that ONLY the network that is 
permitted in the access-list should he used as candidate default. 

R2(config)#acccss-list 2 permit 2.0.0.0 

R2 1 config)#ro utcr cigrp 100 

R2(c on fag-routcr)#dciaLi It-information allowed in 2 

R2#clc ip cigrp neigh 

R2f*Show ip route cigrp 

D* 2.0. 0. 0/8 [90/409600 j via 1 0. 1 . 1 . 1 , 00:0 1:41, FastE thcrnctO 
D 3.0.0.0/8 [90/409600] via 10.1 .1.1, 00:01:4 I , FastEthcrnctO 

The following shows the configuration of R3: 

On R3 

R3 (con fig^ac cess -list 3 permit 3.0.0.0 

R3 (c o n fig )#Ro u tcr cigrp 1 00 

R3fconfig-routcr)^default-infom]atitm allowed in 3 
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R3#Cjg ip cigrp neighbor 

'l'o verify the configuration: 

On K3 

R3"Show ip route cigrp 

D 2. 0.0 .0/8 [ 90:4 09 6 J via 1 . 1 . ! . 1 , 00 : 1 : 1 , E t hcrnctO/0 
D* 3.0.0.0/8 [90 409600] via 10. I.I.I, 00:0 1 :() 1 , EthcrnctO/0 

l'o test the configuration: 

On R2 

R2^Ping 4.4.4.4 

Type escape sequence to abort. 

Sending 5. 100-bytc 1CMP Echos to 4.4.4.4, timeout is 2 seconds: 



Success rale is 100 percent {SIS), round-trip min/'avg'rnax = 4/1 1/24 ms 

On K3 

R3#Pjjjg 4.4.4.4 

Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echos to 4.4.4.4, timeout is 2 seconds: 

(MM 

Success rate is 100 percent (5/5), round-trip min/avg'max = 4/13 24 ms 



Task 9 

Erase the startup configuration and reload the routers before proceeding to the next lab. 
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Lab 4 - Eigrp Filtering 



LoO-2 




F0'1 



10.1.120124 



.1 



FQ/1 .2 



LoO-2 




LoO-2 



FC'O 



3 FO'O 
10.1. 234.0/24 





I .alt SL'tuu: 

• Configure the FQ/l interface of Rl and R2 in V LAX 12 

• Configure the FG/O interlace of R2, R3 and R4 in VLAX 234 

• Use the following IP addressing chart for IP assignment: 



IP Addressing chart: 



Router 


Interface/ IP address 


Rl 


FO 1 = 10. 1. 12.1 24 
LoO = 1.1.1.1/8 
Lo 1 =11.1.1.1/8 
Lq2 = 111.1.1.1/8 


R2 


F0/1 = 10.1.12.2 '24 
F0/0= 10.1.234.2 .'24 
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LoO =2.2.2.2 m 
Lol =20(1.1.1.1/24 
Lo2 = 200.2.2.2 /24 


R3 


FO 0= 10. 1.234.3 24 
LoO =3.3.3.3 /B 
Lol =200.1.1.1 .24 
Lo2 =200.2.22/24 


R4 


FC)/0= 10.1.234.4 '24 



Task 1 

Configure E1GRP 1 00 on all routers and advertise their directly connected links. You 
should disable auto summarization on these routers 



On Kl 

R 1 (c o n figure u tcr cigrp 1 00 
Rl (config-routcr)#nctwork 1.1,1 J 0.0.0.0 
R](config-routcr)*nctwork 10.1.12.1 0.0.0.0 
Rl(config-routcr)#rictwork 1 1. 1. 1. 1 0.0.0.0 
Rl (config.routcr)#nct\vork 111.1.1.1 0.0.0.0 
R I (con fig-router)** no an to -sum man' 

On R2 



R2 (c o n figure u tcr cigrp 1 00 
R2 f c o n fig -ro u t cr)#nct\vo r k 10. 



2.2 0.0. 



1.0 

.0.0 

).0 

1.0 



R2(conhg-routcr)£nctwork 10.1.234.2 0.( 
R2(config-routcr)#nctwork 200.1 .1.1 0.0. 
R2(config-routcr)#nctwork 2002.2.2 0.0. 
R2(config-routcr)** network 2.222 0.0.0.1 
R2(config-routcr)**no auto-sum man 

On K3 



R 3 ( c o n fig)#ro u tcr cigrp 1 
R3(conf]g-routcr)#nctwork 10.1.234.3 0.0.0.0 
R3(config-routcr)#nctwork 200.1.1.1 0.0.0.0 
R3(config.router)#nctwork 200.222 0.0.0.0 
R3 (c o n fig-ro u tcr)# net wo r k 3. 3 . 3 . 3 . . 0. 
R3(oonfig -router)^ no auto-sum marv 
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On K4 

R4(config)#ro Liter cigrp 1 00 
R4i;config-routcr)#nctwork 10.1.234.4 0.0.0.0 
R4 (c o n fig-ro li t cr ) # no a u to - sum m a it 

To verity the configuration: 

On R4 

R4"Sho\v ip route Eigrp 

D 1.0.0.0.8 [90 1 58720] via 10.1.234,2, 00:00:17, FastEthcrnctO u 
D 2.0.0.0/8 [90/1 56 1 60] via 1 0. 1 .234.2, 00:00: 1 7, FastEthcrnctO 
D 3.0.0.0/8 [90/1 56 1 60] via 10.1 .234.3, 00:00: 1 7, FastEthcrnctO/0 
D 20 . 1 . 1 . 24 [ 9 1 5 6 1 6 ] via 1 . 1 234 . 3 , 00 : 00: 1 7 , FastE thcrnctO 

[90, 1561 60] via 10. 1 234.2, 00:00: 1 7, FastE thcrnctO 
D 200.2.2.0/24 [9Q/1 56 1 60] via 10. 1 .234.3, 00:00s 1 7, FastE thcrnctO 

[90'1 56 1 60] via 10. 1 234.2, 00:00: 1 7, FastE thcrnctO/0 
D 1 1 1 .0.0.0/8 [90:1 58720] via 1 0. 12342, 00:00:1 7, FastE thcrnctO/0 

10.0.0.024 issubnetted, 2 subnets 
D 1 0. 1 . 1 2. [90/3O72O] via 10. 1.234.2, 00:00: 1 7, FastEthcrnctO/0 
D ! 1 .0.0.0/8 [90/1 58720] via 1 0. 1 .234.2, 00:00:1 7, FastEthcrnctO 



Task 2 

Configure R4 such that it filters existing ( 1.0.0. 0'8, 11.0. 0.0 8 and 111. 0.0.0 8) and future 
network behind Rl . DC) NOT use "distribute- list" or "route- map" to accomplish this task 



By tie fa u 
behavior 

On R4 

R4*Sh ip 


It, Eigrp will discard routes that have a In. 
can be utilized to accomplish this task, as 

cigrp topology 1 1.0.0.0 255.0.0.0 1 Inc Hon 


p count 
follows: 


of 101 


or more. 


this 


Hop 
R4#Sh ip 


count is 2 
cigrp topology 


.0.0.0 2 


55.0.0.0 | 


Inc Hop 


Hop 


count is 2 
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R4*Sh ip cigrp topology 1 1 1.0.0.0 255.0.0.0 Inc Hop 

Hop count is 2 

Note the routes behind Rl have a hop count of 2, whereas, the other routes advertised 
in this topology have a hop count of 1: 

R4sSh ip cigrp topology 2.0.0.0 255.0.0.0 lnc Hop 

Hop count is 1 
R4*Sh ip cigrp topology 3.0.0.0 255.0.0.0 lnc Hop 

Hop count is 1 

Therefore, >ve should reject routes that have a hop count greater than 1: 

On K4 

R4 (con figure- utcr cigrp 100 
R4(config-roLitcr)#inetric maximum-hops 1 

Note when the above command is entered, the following message should be received, 
this is because the policy for Eigrp is changed from 100 (Default hop count) to ONLY 
1: 

l} A>DUAL-5-NBRCHANGE:IP-EIGRP<0f 100: Neighbor 10.1.234.2 (FastEttierretO/Oj is 

down: Max hopcoutit clianged 

%DUAL-5-NBRCHANGE:}p-EIGRP(0j 100: Neighbor 10.1.234.3 (FastEthernetO/Oj is 

down: Max hopcoutit dianged 

%DUAL-5-XBRCHANGE: IP-EIGRP(0/ 100: Neighbor 10.1.234.2 (FastEthermtO/Oj is up: 

new adjacency 

WUAL-5-NBRCHANGE: fP-EIGRP(0/ 100: Neighbor 10.1.234.3 (FastEthermtO/O) is up: 

iiew adjacency 

To verify the configuration: 

On R4 

R4ftShow ip route cigrp 

D 2.0.0.0/8 [9M561 60] via 10. 1 234.2, 00:0 1:48, FastE thcrnctO/0 
D 3.0.0.0/8 [90/1 56 1 60] via 10. 1 234.3, 00:01:48, FastE thcrnctO 
D 200.1. 1.0. 24 [90.156160; via 10. 1.234.3, 00:01:48, FastE thcrnctO 
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[90' 


156160] 


via 10.1234.2, 


00:01:48. 


FastE thcrnctO/0 


D 


200.2 


10 2- 


If 90 


1561601 


via ! 0.1.234.3, 


00:01:48, 


FastE thcrnctO.' 








[90; 


156160] 


via 10.1.234.2, 


00:01:48. 


FastE thcrnctO 




10.0.0.0/24 if 


> subnet ted. 2 


subnets 






D 


10.1 


.12.0 


[90/ 


30720] via 10.1.234.2, 00:01:48, FastEthcrnctO/0 



Task 3 

Configure R4 such that it ONLY takes R2 to reach Network 200.1 . 1.0 £24. 



On K4 

Note in this case an extended access-list can be used to filter a prefix from a given 
route- source: in the following extended access-list, the source address in the ACL 
references the advertising neighbor, whereas, the destination address in the ACL 
references the actual Network: 

R4(config)*access-list 100 deny ip host 10.1.134.3 host 200.1.1.0 
R4(config)r*aecess-list 100 permit ip any any 

R4 (con fig .^router cigrp 100 
R4(config-routcr)r*distribute-list 100 in FO/0 

To verify the configuration: 



On K4 

R4*Sh ip route cigrp 

D 2.0.0.0/8 [90/1 56 1 60J via 10. 1 .234.2, 00:0 1:20, FastE thcrnctO/0 
D 3.0.0.0/8 [90/156160] via 10.1.234.3,00:01:20, FastE thcrnctO 
D 200.1.1.0/24 190/1561601 via 10.1.234.2, 00:01:20, FastEthcrnctO 
D 200.2.2.0 24 [90T56160J via 10.1234.3, 00:01:20, FastEthcrnctO 
190/1561 60] via 10. 1 .234.2, 00:0 1:20, FastE thcrnctO/0 
IO.O.O.Q'24 is subletted, 2 subnets 
D 10. 1.12.0 190/30720] via 10.1 .234.2, 00:01:20, FastEthcrnctO 
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Task 4 

Re- configure the solution in task 3 such that if R2 is down R4 can reach network 
200.1 .1.0 24 through R3. 



In this case (he distance can he manipulated to accomplish this task, as follows: 

To remove the commands from the previous step: 

R4(config)#routercigrp 1 00 
R4(config-routcr)#\o distribute- list 100 in F0/0 

R4(config)#No access-list 100 

The next step is to configure the new policy: 

Step 1: 

Configure an access-list to identity the network: 

R4i config)? access -Ibl 1 permit 200.1.1.0 0.0.(1.255 

Step 2: 

Utilizing the distance command, the AD for network 200.1.1.0 24 ONLY through R3 

is set higher than the default AD of 90: 

R4(config-routcr)#if stance 91 10.1.234.3 0.0.0.0 1 

The above command sets the AD to 91 through R3 for networks identified in access- 
list 1. The following command resets the neighbors (This is done to speed up the 
process, on some I OS versions, it is done automatically: 

R4#Clc ip cigrp neighbor 

To verify the configuration: 

On K4 

R4#Sh ip route cigrp 

D 2. 0.0 .0/8 [ 90/1 561 60] via 1 Q, 1 .234.2, 00 :00: 1 2 , FastE thcrnctO/0 
D 3.0.0.0/8 [90/156160] via 1 0. 1234.3, 00:00:12, FastEthcrnctO 
D 200.1.1.0/24 190/1561601 via 10.1.234.2,00:00:12, FastEthcrnctO 
D 20 . 2. 2. 0/24 [ 9 0/1 56160] via 10.1 .234 . 3 , 00 : 0: 1 2 , FastE thcrnctO 
[90 156160; via 10. 1.234.2, 00:00:12, FastEthcrnctO 
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10.0.0.0/24 issubncttcd, 2 subnets 
D 10.1.12.0 [90/30720J via 10.1.234.2, 00:00:12, FastEthcrnctO/0 

10 test the configuration: 



On R2 

R2(config')#int lol 
R2(config-il>Shut 

To verify the test: 

i iii i 

On K4 

R4#Sh ip route cigrp 

D 2.0.0.0 8 [90 156160] via 10.1234.2, 00:01:05, FastE thcrnctO/0 
D 3. 0. . 8 [ 90 1 5 6 1 60 J via 1 . 1 234 . 3 , 00 :0 1 :0 5 , FastE thcrnctO 
D 201). 1.1.0/24 [91/156160J via 10.1.234.3, 00:00:08, FastEthcrnctO 
D 200.2.2.0/24 [90/156160J via 10.1.234.3, 00:01:05, FastE thcrnctO ,0 
[9Q1 56 1 60 J via 1 0. 1 .234.2, 00:0 1:05, FastE thcrnctO 
10.0.0.0 24 issubncttcd, 2 subnets 
D 10. 1.12.0 [90 30720] via 10.1.234.2, 0O:Ol:Q5 s FastEthcrnctO 



1 ask 5 

Filter network 2.0.0.0/8 on R4; DC) NOT use thc"distributc-lisf' command to accomplish 
this task. 



Once again the distance command can be used to accomplish this task, the 
difference between the solution used in this task and the solution used in the 
previous task is that the AD is set to a value that is unreachable (255). 

On K4 

R4 (co nfig^aec ess -list 2 permit 2.0.0.0 

R4(eonfig)#ro Liter cigrp 1 00 
R4(config-routcr)#distanct! 255 10.1.234.2 0.0.0.0 2 
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To verify the configuration: 

On K4 

R4frSho\v ip route cigrp 

D 3.0.0.0/8 [90 1561 60] via 10. 1 .234.3, 00:02: 1 6, FastE thcrnctO/0 
D 200. 1 . 1 . 24 [90 1561 60 j via 10. 1 .234.2, 00:02: 1 6, FastE thcrnctO 
D 200.2.2.0 24 [90/1 561 60] via 10. 1 .234.3, 00:02: 1 6, FastE thcrnctO 
[90/1561 60 J via 10. 1 .234.2, 00:02: 1 6, FastE thcrnctO 
10.0.0.0/24 is subletted, 2 subnets 
D 10.1.12.0 [90/30720] via 10.1.234.2, 00:02:16, FastE thcrnctO'O 



Task 6 

Erase the startup con tig and reload the routers before proceeding to the next task. 
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Lab 1 - Advertising Networks 



ArwQ 




l.al> Set up: 

• C Q n figu r c t h c tram o relay co n ncc t io n li si ng the S 0/0 i ntcrface 

• Configure the FG/0 interface of R2 and R3 in VL AN 23 

• L'sc the following IP addressing chart for IP address assignment 

IP addressing: 



Router 


Interface/ IP addressing 


Rl 


SO/0 = 10.1.12.1 24 




Lo0 = 1.1.1.1 8 


R2 


SO/0 = 10.1.12.2/24 




F0 = 10.1.23.2 24 




10.2.2.2 .24 Secondary 




LoO =2.2.2.2 /H 


R3 


F0.'0= 10.1.23.3/24 




10.3.3.3 ..24 Secondary 




LoO = 3.3.3.3 8 
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Task I 

Configure OSPF on these routers and run every interface (This includes the secondary 
interfaces) of these routers in Area 0: do not use "Network" command to accomplish this 
task. The loop back interface's should be advertised with their correct mask. There should 
NOT be a DR election on the Frame-relay network, do NOT use Point-to-Multipoint 
network type. 



On Rl 






Rifconfig^intSO/O 

Rl(config-if)#ip ospf network point-to 

Rlfconfig-if)#ip ospfl area 


-poi 


nt 


Rl(config)#int Io0 

Rl (config-if)#ip ospf network point -to 

Rl(config-if)#ip ospfl area 


•poi 


nt 


On R2 






RZfconfig'^intLoO 

R2(config-if)#ip ospf network point-to 

R2(config-if)#ip ospf 1 area 


-poi 


nt 


R2(config)#intFu'/0 
R2(config-if)#ip ospf 1 area 






R2i;config)#int SO 

R2(config-if)#ip ospf network point-to 

R2(config-if)#ip ospfl area 


-poi 


nt 


On R3 






R3(config)#intLoO 
R3(config-if)#ip ospf 1 area 
R3fconfig-if)rrip ospf network point-to 


■point 


R3(config)#intF0.0 
R3(config-if)r#ip ospfl area 






I o verify the configuration: 






On Rl 
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R 1 "Show ip route DSpf 1 nc 

2.0.0.0/8 [1 1Q 65J via 1 0. 1 . 1 2.2, 00:05:58, ScrialO/0 
3.0.0.0/8 [1 1Q 75J via 10. 1. 12.2, 00:05:58, Scrialtt'O 
10.3.3.0 [110/84] via 10.1.12.2, 00:05:58, ScrialO/0 
10.2.2.0 [110/74] via 10. 1 .12.2, 00:05:58, ScrialO/0 
1 ft 1.23.0 [110/74] via 10.!.! 2.2, 00:05:58, ScrialO/0 

Note the secondary IP addresses are also advertised. 






Task 2 

Configure R2 and R3 such that the secondary IP addresses arc NOT advertised: do NOT 
use Acccss-Hst, Prefix-lists or filtering of any type and minimum number ot'eommands 
should be used to accomplish this task. 






On R2and R3 

R2(config)#int FO/0 

R2fconfig-if)rrip ospl'l area secondaries none 

To vertl'v the configuration: 

On kl 

R I -Show ip route ospf Inc Q 

2.0.0.0 8 [11 0.65] via 10.1.122, 00:01:00, ScrialO/0 
O 3.0.0.0 8 [110/75] via 10.1.122, 00:01:00, ScrialO/0 
10. 1.23.0 [110/74] via 10.1.122, 00:01:00, ScrialO'O 

Note the secondary Prefixes are no longer advertised. 




cc 


Task 3 

Erase the startup configuration and reload the routers hclbrc proceeding to the next lab. 
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Lab 2 
Optimization ot'QSPF and Adjusting Timers 



Area 




[,tib Setup: 



> R2 and R3's FQ/Q interlace should be configured in VLAN 23. 

3^ Rl and R2, R3 and R4 should be configured in a frame-relay point-to-point 

manner. 



IP Addressing 



Router 


Interface 


JP address 


Rl 


LoO 

F R interface 


1.1.1.1/8 
10.1.12.1 24 


R2 


LoO 

F/R interface 

Ri 


2.2.2.2/8 
10.1.12.2/24 

10.1.23.2 /24 


R3 


LoO 

F R iniLMiliJL' 

FO/0 


3.3.3.3/8 
10.1.34.3/24 
10.1.23.3 24 


R4 


LoO 

F/R interface 


4.4.4.4 /8 
10.1.34.4 '24 
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Task 1 

Configure OSPF on all routers and advertise their directly connected networks in area 0. 



On K4 

R4(config)#Routcr ospf 1 
R4(config-routcr)#nct 0.0.0.0 0.0.0.0 arcO 

On R3 

R3(config-ii>Routcr ospf 1 
R3i;config-routcr)*nctwork 0.0.0.0 0.0.0.0 arcO 

On R2 

R2(config-itV Router ospf 1 
R2i;config-roiitcr)*nct\v 0.0.0.0 0.0.0.0 arcO 

On Rl 



R 1 (c o n fig- ii>Ro u tcr o sp f 1 

Rl (config-routcr)#nctw 0.0.0.0 0.0.0.0 arc 



To verity the configuration: 



On Rl 

Rl#Sho\v ip route ospf 

2.0.0.0/32 is subnetted, 1 subnets 
2.222 [110/65] via 10.1.12.2, 00: 00:04, ScrialO'0. 12 

3.0.0.0.32 is subnetted, 1 subnets 
O 3.3.3.3 [1 10/66] via 10.1.12.2,00:00:04, ScrialO/0. 12 

4.0.0.0/32 is subnetted, I subnets 
O 4.4.4.4 [110/ 130 J via 1 0.1. 12.2, 00:00:04, ScrialO'0.12 

10.0.0.0/24 is subnetted, 3 subnets 
O I ft 1 .23.0 [110/65] via 10. 1 .12.2, 00:00:04, ScrialO/0.12 
C ) 1 0. 1 .34. [ 1 1 0/ 1 2 9 J v ia 1 . 1 . 1 2 2 , 00:00 :04 , SeriaK)/0 . 1 2 
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Task 2 

R4 is getting flooded with LSA type 6 packets; ensure that R4 does not generate a syslog 
message for these packets. 






Cisco routers do NOT support LSA type 6 packets and each time an OSPF router 
receives tin MOSPFfLSA type 6) packet it sends a syslog message. If the routers 
receive many LSA type 6 packets they will generate a large number of syslog 
messages. This feature should he disabled to prevent this from occurring. 

On R4 

R4 ( c o n fig)#ro u t cr o sp f 1 

R4 (con fig-router ignore Isa mospf 






Task 3 

To ensure fast dctcetion of a neighbor being down, configure R2 and R3 to send their 
hcllos tour times a second with a hold time of one second. 






On R2 

R2i;config)#int ffl/0 

R2(config-if)#ip ospf dead- interval minimal he Ho -multiplier 4 

On R3 

R3i;config-iiyint ftl'O 

R3(config-if)#ip ospf dead- interval minimal he Ho -multiplier 4 

The dead interval is advertised in OSPF hello packets. The values of this parameter 
must he the same for tWB routers in order for them to form a neighbor adjacency. 
B\ specifving the "minimal 1 " and "hello-multiplier" Ice v words with a multiplier 
value, you are enabling OSPF fast hello packets, The "minimal"" keyword sets the 
dead interval to 1 second and the "hello-multiplier" value sets the number of hello 
packets sent during that 1 second. 




cc 
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Task 4 

Ensure that these routers lookup DNS names tor use in all OSPF show commands, test 
this task to ensure proper operation. Since there arc no DNS servers in this lab you should 
use the routers tor that purpose. 



To test the OSPF "Show" commands before implementing this feature, enter the 
following: 

Show ip ospf database router 

OSPF Router with ID ( 1 . 1 . 1. 1) (Process ID 1 ) 

Router Link States (Area 0) 

LSagc: 1575 

Options: (No TOS -capability, DC) 

LS Type: Router Links 

Link State ID: I.I.I. I 

Advertising Router: 1.1.1.1 

LS Scq Number: 80000002 

Checksum: Ox 1D3F 

Length: 60 Note the router-id is displayed 

Number of Links: 3 

On All Routers 

(config)#ip ospf name- look up 

(config)#iphost Rl 1.1. 1. 1 
(coniig^ip host R2 222.2 
(config)#ip host R3 3.3.3.3 
(config)#ip host R4 4.4.4.4 

Show ip ospf database router 

OSPF Router with ID (I.l. 1.1) (Process ID 1 ) 

Router Link States (Area 0) 

LSagc: 1651 

Options: (No TOS -cap ability, DC) 

LS Type: Router Links _ Note the change, its replaced by the name configured 



Link State ID: I . I . I . I ^^^ in the "IP host" comman d. 
Advertising Router: Rl 
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LS Scq Number: 80000002 
Checksum: 0x1 D3F 
Length: 60 
Number of Links: 3 






Task 5 

Configure R2 such that if it docs not receive an acknowledgment from R3 for a given 
LSA, it waits lor 10 seconds before it resends that given LSA. 








On R2 

R2(config)#int fOVO 

R2(config-if)#ip ospi' retransmit- interval 1(1 

When an OSPF enabled muter sends an LSA to it's neighbor, it keeps the LSA until 
it receives an ACK from that given neighbor. If the retransmission timer expires 
and the router receives no ACKs, the muter will resend that LSA. The default timer 
is set to 5 seconds, and the range is 1 — 65535. 






Task 6 

Configure R2 such that it limits the number of non-self generated LSAs that an OSPF 
routing process can keep in the OSPF LSDB to 900. 






On R2 

R2(conflg-if)#roiUcr ospf 1 
R2 (con fig-ro iiter)#m ax - Is a 90 

By default the number of non-self-generated LSAs that an OSPF routing process 
can keep in the database is not limited. To limit this number, we can use the "max- 
Isa'" command in the router configuration mode. This command contains the 
following fields: 

Max-lsa maximum -number [thresh old- percentage J [warning-only] [ignore- time 
minutes [ignorc-count ~ [reset- time minutes' 
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> Maximum-number- The maximum number of no n- self- generated LSAs that an 
OSPF router can keep in the OSPF database. 

'r Threshold-percentage — The percentage of the maximum LSA number, as 
specified by the maximum- number, at which a warning message is logged. The 
default is 75. 

>■ Warning-only — This spec ifics that only a warning message is sent when the 
maximum limit tor LSAs is exceeded. 

> Ignore-time minutes — This value specifics the time, in minutes,, to ignore all 
neighbors after the maximum limit of LSAs has been exceeded. The default is 5 
minutes. 

> Ignore-count count-number— Specifics the number of times the OSPF process 
can consecutively be placed into the ignore state. The default is 5 times. The 
router can not exceed this number. 

£■ Reset-time minutes - This value specifics the time, in minutes, after which the 
ignore count is reset to zero. The default is 10 minutes. 






Task? 

R3 and R4 should exchange hcllos every 1 5 seconds with a dead interval of 60 seconds. 
Do NOT use ip ospf dead-interval to accomplish this task. 






On R3 

R3 (c o n fig-ro u tcr)#l n t SO/0 . 34 
R3(config-subif)#ip ospf hello-interval 15 

On R4 

R4 (c o n fig-ro u tcr)# In t SO/0 . 43 
R4(config-subif)#ip ospf hello-interval 15 

Once the hello-interval is set, OSPF process will set the dead-interval to he four 
times the hello-interval. The default value for the hello timer is as follows: 

> On Ethernet segment its set to 10 seconds. 

> On Non-broadcast networks, its set to 30 seconds. 

To verify the confimiration: 
On R4 
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R4*Show ip ospf int SO/0.43 

ScrialO/0.43 is up, line protocol is up 
Internet Address 10.1.34.4/24, ArcaO 

Process ID 1, Router ID 4.4.4.4, Network Type POINT_TO_POiNT 1 Cost: 64 
Transmit Delay is 1 sec, State POINT_TO_POINT, 
Timer intervals configured,, Hello 15, Dead 60, Wait 60. Retransmit 5 

oob-rcsync timeout 60 

Hello due in 00:00:03 
Supports Link-local Signaling (LLS) 
i The rest of the output is omitted) 



Task 9 

Erase the startup configuration and reload the routers before proceeding to the next lab. 
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Lab 3 - OSPF Authentication 



Lab Setup: 



Area 




Configure all frame-relay connections in a point-to-point manner. 
Use the IP addressing scheme below for IP addressing assignment. 
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IP Addressing scheme: 



Routers 


Interface ll J Address 


Connecting to: 


Rl 


SO/0.12-10.1.12.1 '24 
LoopbackO- 1.1.1.1/24 


R2 


R2 


SO/0.21 - 10.1.12 2. 114 

SO/0.23- 10.1.23.2 ,'24 
Loopback 0-2.2.2.2/24 


Rl 
R3 


R3 


SO/0.32- 10.1.23.3/24 
SO/0.34-10.1.34.3/24 
Loopback 0-3.3.3.3 ,'24 


R2 
R4 


R4 


SO/0.43-10.134.4 '24 
SO/0.45-10.1.45.4 24 
Luupback - 4.4.4.4 '24 


R3 
R5 


R5 


SO/0.54-10.1.45.5/24 
Loopback 0-5.5.5.5 .'24 


R4 



Task I 



Configure the frame-relay interface/' s and the loophack interface's of all routers in area 0. 
and ensure that the loophack interfaces arc advertised with their correct mask. The router- 
id of the routers in this area should be based on their loophack interfaces' IP address. 



On Rl 

Rl(config-fr-dlci)#int bO 

Rl (config-if)??ip ospf net point-to-point 

R 1 (c o n fig)* Ro titer a sp f 1 

Rl (eon fig-router)?? router- id 1 . 1 . 1 . 1 

Rl i;config-routcr)#nctw 1.1.1.1 0.0.0.0 are 
Rl(config-router)??nctw 10.1.12.1 0.0.0.0 arc 

On R2 

R2(config)??int loO 

R2(config-if)??ip ospf network point-to-point 

R2(config-if)??routcr ospf 1 

R2 (con fig-router)?* router-id 2.2.2.2 

R2(config-routcr)??nctw 2.2.2.2 0.0.0.0 area 
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R2(config-roLitcr)#nctw 1 0. 1. 12.2 0.0.0.0 area Q 


R2(config-routcr)#netw 10.1.23.2 0.0.0.0 area 


On R3 


R3(config)#int loO 


R3(config-if)rrip ospf network point-to-point 


R3(config-if)#roLitcr ospf 1 


R 3 1 c o n fig-ro u t cr) £ ro ut cr- id 3.3.3.3 


R3(config-routcr)#nctw 3.3.3.3 0.0.0.0 area 


R3(config-router)#nctw 10. 1.23.3 0.0.0.0 area 


R3 (con fig-ro utcr)#nctw 10. 1.34.3 0.0.0.0 area 


On R4 


R4(config)#int loO 


R4 (c o n fig- if)#i p o sp f n ct wo r k p o in t -t o - po i nt 


R4(config-if)#routcr ospf 1 


R4(config-roLiter)#routcr-id 4.4.4.4 


R4(config-roLitcr)#nctw 4.4.4.4 0.0.0.0 area 


R4 (con fig-ro Litcr)£nctw 1 0. 1.45.4 0.0.0.0 area 


R4 (con fig-ro uter)#nctw 1 0. 1.34.4 0.0.0.0 area 


On R5 


R5(config)#int loO 


R5(config-if)#ip ospf network point-to-point 


R5 (con fig- if)#ro Liter ospf 1 


R5iconfig-roLitcr)r#roLitcr-id 5.5.5.5 


R5(config.roLiter)#nctw 10. 1.45.5 0.0.0.0 arcaO 


R5(config-roLitcr)#nctw 5.5.5.5 0.0.0.0 area 


To verify the configuration: 


On Rl 


Rl^Show in route osnf Inc 
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2.2.2.0 [110/65] via 10.1.12.2,00:00:21, ScrialO'O. 12 

3.3.3.0 [110 129] via 10.1.12.2, 00:00:21, SeriaiO/Q. 12 

4.4.4.0 [110. 193] via 10.1. 12.2, 00:00:21, Scrial0.'0. 12 

5.5.5.0 [110/257] via 10.1. 12.2, 00:00:10, ScrialO'0.12 

10.123.0 [110/128] via 10.1.12.2,00:00:21, ScrialO/0.12 

10. 1 .45.0 [ 1 1 0/256] via 10.1. 1 2.2, 00:00:2 1 , ScrialO/0.1 2 

1 0. 1 .34.0 [ 1 1 0/ 1 92 J via 1 0.1.12 .2, 00500:2 1 , ScrialO/0. 1 2 



Task 2 

Configure plain text authentication on all the Frame-relay links in this area. You should 
use a suh-routcr configuration command as part of the solution to this task. Use "Cisco" 
as the password for this au then tic at ion. 



OS PF supports two types of authentication, plain text (64 bit password) and MD5 
(Which consists of a key ID and 128 hit password). In OSPF, authentication must 
he enabled and then applied. 

In OSPF, enabling authentication can be configured in two different ways: one way 
to enable OSPF authentication is to configure it in the router configuration mode, in 
which case authentication is enabled globally on all OSPF enabled interfaces in the 
specified area. The second way to enable authentication is to configure it directly on 
the interface for which authentication is required. 

On Rl 



Rl(config)#routcrospf I 

Rl (config-routcr)n i arca authentication 

Rl (config-routcr)#int SO/0. 12 

R 1 (c o n fig-s ub if )#i p o sp f au then tic at io n -key C isco 

On R2 

R2 (c o n fig)#ro u t cr o sp f 1 
R2(config-router)#arca authentication 

R 2 1 c o n fig-ro u tcr)#in t SO/0 . 2 1 
R2(config-subif)#ip ospf authenticat ion-key Cisco 

R2i;config-sLibif)#int SO/0.23 

R2 (con fig-s ub if)#ip ospf aut hen tkat ion -key Cisco 
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To verify the configuration: 

On R2 

R2f*Show ip ospf interface SO/0.21 

ScrialO/0.21 is up, line protocol is up 
Internet Address 10. 1. 12.2 24 , Area 
Process ID L Routei ID 2.2.2.2, Network Type P01M_TO_P01NT, Cost: 64 

Transmit Delay is 1 sec, State POINT_TO_POINT, 

Timer intervals configu red , Hello 1(1. Dead 40. Wait 40, Retransmit 5 

oob-rcsync timeout 40 

Hello due in 00:00:06 
Supports Link -local Signaling (LLS) 
Index 2''2, flood queue length 
Next 0x0(0)/ 0x0(0) 

Last Hood scan length is 1, maximum is 1 
Last flood scan time is msec, maximum is 4 msec 
Neighbor Count is i, Adjacent neighbor count is 1 

Adjacent with neighbor 1 . 1. 1 . 1 
Suppress hello for neighbor! s) 
Simple password authentication enabled 

Note the output of the above "Slum'" command verifies that a simple password 
authentication is enabled and applied to this interlace. 

R2#Show ip ospf neighbor 

Neighbor ID Pri State Dead Time Address Interface 

I.I. 1.1 FULL/ - (11:00:30 10.1.12.1 ScrialO 0.2 I 

R2#Show ip route ospf Inc C) 

1 . 1 . 1 .0 [ 1 10/65 J via 10.1. 12. 1 , 00:05:00, ScrialO 0. 2 1 

On R3 

R3(config)#routcrospf I 

R3 (con fig-router)* area D authentication 

R3(config)#intS0,'u\32 

R3(config-subif)#ip ospf authentication-key Cisco 

Rjjgcmfjggkj SO/0.34 
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R3(config-SLibif)#ip ospi' authentication-key Cisco 
To verify the configuration: 

On K3 

R3*Sho\v ip route ospt' Inc 

O 1. 1 . i .0 L I i 0/129] via 10.1.23.2, 00:0 1 :36, ScrialO/0.32 
2.22.0 [110/65] via 10.1.23.2,00:01:36, SerialG'0.32 
10. 1.12.0 [11 0/128] via 10. 1232, 00:0 1:36, ScrialO 0.32 

On K4 

R4(eonfig)#int SO/0.43 

R4 (c a n fig-s ub if)#ip o spl' a u then t ic a t i on - key Cisco 

R4(config-subifl#int SO/0.45 

R4 (c o n fig-s ub if)#ip o spi' a u then t ic a t i on - key Ci s c u 

R4(config-subif)#ro Liter ospf I 
R4(config-routcr)r*area authentication 

'I'tn verity the configuration: 



On R4 

R4#Show ip route ospf Inc O 

1. 1 . 1 .0 L 1 1 0' 193] via 10.1.34.3, 00:00:21, ScrialO/0.43 

2.22.0 [110 129] via 10.1.34.3, 00:00:21 , ScrialO/0.43 

3.3.3.0 [110/65] via 10.1. 34.3, 00:00:21, ScrialO/0.43 

10. 1 .12.0 [ 11 0/1 92] via 10. 1 .34.3, 00:00:2 1 , ScrialO/0.43 

10.123.0 [110/128] via 10.1.34.3, 00: 00:21, ScrialO/0.43 

On K5 

R5(eonfig)#RoLitcr ospf 1 
R5(conl1g-roLitcr)#area D authentication 

R5(config-router)#int SO/0. 54 

R5iConfig-SLibif)#ip ospf authentication-key Cisco 
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To vcrilY the configuration: 

On R5 

R5#Show ip route ospf Inc 

l.l.l .0 [ 1 1 0/257 J via 1 0. 1 .45.4, 00:00:44, ScrialO'O. 54 
Z7.Z0 [11 ' 1 93 J via 1 0. 1 .45.4, 00:00:44, ScriaHHJ.54 
O 3.3.3.0 [110. 129J via 10.1.45.4, 00:00:44, ScrialO/0.54 
4.4.4.0 [110/65] via 10.1. 45.4, 00:00:44, ScrialO'0.54 
1 0. 1 . 1 2. [ 1 1 0/25 6 J via 10.1 .45 .4, 00:00:44, ScrialO/0.54 
1 0. 1 .23.0 [110/192] via 10. 1 45.4, 00:00:44, ScrialO/0.54 
1 ft 1 .34.0 [11 0/128J via 1 0. 1 45.4, 00:00:44, ScrialO/0.54 






Task 3 

Remove the authentication configuration from the previous task and ensure that every 
router sees every mute advertised in area 0. 






On All Routers 

(coniig)r*routcrospf 1 
(config-routcr)#NO area authentication 

On Rl 

Rl(config)#intS0Q.12 

Rl (config-subif)#NO ip ospf authentication-key Cisco 

On R2 

R2(config-sutaif)#int SO/0.2 1 

R2 fc o n fig-s ub if)#\ ( ) ip o sp f au t h en t k at io n- key C i sco 

R2(config-subif)#int SO/0.23 

R2(contig-subit)#\(> ip ospf authentication- key Cisco 

On R3 

R3(ocmfig-routcr)#int SO/0.32 
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R3(config-subif)#NO ip ospf authentication-key Cisco 

R3(confIg.subif)#int SO/0.34 

R3(config-subif)#\0 ip ospf authentication- key Cisco 

On K4 

R4(config)#intS0.D.43 

R4(config-subif)#NO ip ospf au then ticat ion- key Cisco 

R4(config-subif)#int SO/045 

R4(config-subif)#\0 ip ospf authentication-key Cisco 

On \15 

R5(config)#m1 SO/0.54 

R5 (c o n fig-s Lib if)#N ip ospf an t h en t scat io n- key C i sco 



To verify the configuration: 



On Kl 

Rl#Sho\v ip route ospi' Inc 

Q 2.2.2.0 [110 65] via 10.1.12.2,00:00:10, ScrialO 0. 12 
3.3.3.0 [110/129] via 10.1.12.2, 00:00:1 O t ScrialO/0. 12 
4.4.4.0 [110/193J via 10.1. 12.2, 00:00:10, ScrialG'0.12 
5.5.5.0 [110/257] via 10.1. 12.2, 00:00:10, ScrialO/0.12 
10. 1.23.0 [110/128] via 10. 1.12.2, 00:00: 10, ScrialO/0.12 
10.145.0 [110/2561 via 10.1.12.2,00:00:10, ScrialO/0.12 
1 0. 1 .34.0 [ 1 1 0/ 192J via 10. 1.12.2, 00:00: 10, ScrialO/0. 1 2 



Task 4 

Configure MD5 authentication on all the Frame-relay links in this area. You should use a 
sub-router configuration command as part of the solution to this task. Use "Cisco" as the 
password for this authentication. 



The following command enables MD5 authentication on the routers using the muter 

configuration mode: 
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On All Koutcrs 

( configWroutcr ospf I 

(config-routcr')#arca authentication message-digest 

On kl 



R! i:contlg-roLitcr)#int SO/0. 12 

R 1 ( c n fig-s ub if)#i p o sp f mes sagc-d igest -k cy I M D5 C is co 

On R2 

R2 (e o n fig-ro utcr)#in t SO/0 . 2 1 

R2 icon fig-s Lib ii)#ip ospf mes sagc-d igest -key 1 MD5 Cisco 

R2iconfig-subif)#int SO/023 

R2(config-subif)#ip ospf message-digest -key 1 MD5 Cisco 

To verify the configuration: 

On K2 

R2*Show ip ospf interface SO 0.2 1 

Scrial0.'0.21 is up, line protocol is up 
Internet Address 1 .0.1 . 12.2''24 s Ai*a 

Process ID 1, Router ID 2.2.22 s Network Type POINT_TO_P01NT r Cost: 64 
Transmit Delay is 1 sec. State POINT_TO_POINT, 
Timer intervals con figu rod. Hello 10, Dead 40, Wait 40, Retransmit 5 

oob-rcsync timeout 40 

Hello due in 00:00:00 
Supports Link-local Signaling (LLS) 
Index 2'2, flood queue length 
Next 0x0i;0)/0x0(0) 

Last Hood scan length is 1, maximum is 2 
Last Hood scan time is msec, maximum is 4 msec 
Neighbor Count is l t Adjacent neighbor count is 1 

Adjacent with neighbor I . I . I . I 
Suppress hello tbrO ncighbor(s) 
Message digest authentication enabled 

Youngest key id is 1 

Note the output of the above "Show" command reveals that MD5 authentication is 
enabled and applied and the key 1 is in use. 
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R2#Show ip route ospf 




1.0.0.0/24 is sub netted, 1 subnets 
1 . 1 . 1 .0 [ 110/65] via 1 0. 1.12.1, 00:0 1 :50 s 


ScrialO'0.21 


On R3 




R3(config)#int SO/0.32 

R 3 (e o n fig-s ub if )#i p o sp f mes sagc-d igest-k cy 1 


MD5 Cisco 


R3(config-subif)#int SO/0.34 
R3(ecmfig-Stibif)#ip ospf message-digest -key 1 


MD5 Cisco 


To verity the configuration: 




On R3 




R3f*Sho\v ip route ospf Inc 




1 . 1 . 1 .0 L 1 1 ' 129] via 1 0. 1 .23.2, 00:00: 1 1 
? 7 ?0 [110, 65] via 10.1.23.2,00:00:1 1. 
O 10. 1.12.0 [110/128] via 10.123.2, 0O.00 


, ScrialO'0.32 
ScrialQ.'0.32 
1 1 , ScrialO/0.32 


On R4 




R4(config)#intS0.0.45 

R4(config-subif)#ip ospf mcssagc-digcst-kcy 1 


MD5 Cisco 


R4(config-subif)#int SO.0.43 

R4(eonfig-subif)#ip ospf mcssagc-digcst-kcy 1 \1D5 Cisco 


To verify the configuration: 




On R4 




R4#Sho\v ip route ospf Inc O 




O 1. 1 .1.0 [110 '193] via 10.1.34.3, 00:00:21 
22.2.0 [110:1291 via 10.1.34.3, 00:00:21 
3.3.3.0 [110/65] via 10.1.34.3,00:00:21, 
10. 1.12.0 [110/192] via 10. 1.34.3, 00:00 
10. 1.23.0 [110/128] via 10. 1.34.3, 00:00 


, ScrialO/0.43 
, ScrialO'0.43 
ScrialG'0.43 
21 s ScrialO/0.43 
21 s ScriaH)/0.43 
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On R5 

R5(config)#intS0,0.54 

R5(config-subii')#ip ospf message-digest -key 1 MD5 Cisco 

To verify the configuration: 

On R5 

R5#Show ip route ospt" Inc 

1. 1 .1.0 [110/257] via 10.1.45.4, 00:00:42, ScrialO.' 0.54 
2,22,0 [110/193] via 10.1.45.4, 00:00:42, SerialO/Q.54 
3.3.3.0 [110/129] via 10.1.45.4, 00:00:42, ScrialO/0.54 
4.4.4.0 [110/65] via 10.1.45.4, 00:00:42, ScrialO/0.54 
1 0. 1 .12.0 [110 256] via 10. 1 45.4, 00:00:42, ScrialO 0.54 
1 ft 1 .23. [ 11 0. 1 92 J via 1 0. 1 45.4, 00:00:42, ScrialO/0.54 
10. 1.34.0 [110:128] via 10. 1.45.4, 00:00:42, ScrialO 0.54 






Task 5 

Remove the authentication configuration from the previous task and ensure that every 
router sees every route advertised in area 0. 






On All Routers: 

(config^routcrospf 1 

(config-routcr)#N() area authentication message-digest 

On Rl 

Rli;eonfig-router)#int S0/0. 12 

Rl (config-if)#NO ip ospf message-digest- key 1 MD5 Cisco 

On R2 

R2(config)#int SO/0.21 

R2(config-subif)#NO ip ospf message-digest -key 1 MD5 Cisco 

R2i;config-subif»#int SO/0.23 
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R2(ccmfig-Sttbif)#NO ip ospf message-digest -key 1 MD5 Cisco 

On R3 

R3ieon%)#intS0Q.32 

R3(eonfig-subif)#>>0 ip ospf messagc-digest-key 1 MD5 Cisco 

R3i;config-subif)#int SO/0.34 

R3(OOiifig-Siibif)#NO ip ospf mess age-digest-key 1 MD5 Cisco 

On R4 

R4(eonfig)#int SO 0.43 

R4(eonfig-subif)#XO ip ospf message-digest -key 1 MD5 Cisco 

R4(config-subif)#int SO. 0.45 

R4(eonfig-subif!l#XO ip ospt' message-digest -key 1 MD5 Cisco 

On R5 

R5(config)#intS0.0.54 

R5(eonfig-subif)#NO ip ospf mess age-digest-key 1 MD5 Cisco 

To verify the configuration: 

On R5 

R5#Sho\v ip route ospf Inc 

1 . 1 . 1 .0 1 1 1 0/257] via 10. 1 .45.4, 00:09: 1 3, ScriaIQ.'{).54 

2.22.0 [110/1 93 J via 10.1.45.4, 00:09:1 3, ScrialO'0. 54 

3.3.3.0 [110/129J via 10.1.45.4, 00:09:13, ScrialO/0. 54 

4.4.4.0 [110/65] via 10.1.45.4,00:09:13, ScrialO'0.54 

10.1.12.0 1110/256] via 10.1.454, 00:09:13, ScrialO/0.54 

10.123.0 [110/1921 via 10. 1.45.4, 00:09:13, ScrialO/0.54 

10.1.34.0 [110/128] via 10 .1. 45.4, 00:09:13, ScriaKl'0.54 

R5#Show run S router ospf 1 

router ospf I 
rout Ar- id 5.5.5.5 

log-adj ac en cy- C h an gc s 
network 5.5.5.5 0.0.0.0 area 
network 10.1.45.5 0.0.0.0 area 
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Task 6 

Configure MD5 authentication on the Frame-relay link connecting Rl to R2. you should 
use a router configuration command as part of the solution to this task. The password 
should be "ccic : \ 



On Both Routers: 

i L'onJ:g)-ro Liter ospf I 

(config-routcr^arca authentication message-digest 

On Rl 



RI(config)#intSO/0. 12 

R 1 (c o n fig-s ub if)#i p o sp f mes sagc-d igest -k cy 1 M D5 ccic 

On R2 

R2(config)#intS0 0.21 

R2(eonl1g-subif)#ip ospf mes sagc-d igest-key I MD5 ccie 

To verify the configuration: 

On R2 

R2"Sho\v ip route ospf Inc 

1 . 1 . 1 .0 [ 1 10/65] via 10.1 . 12. 1 , 00:00:43, ScrialO/0.2 1 

Note because authentication was enabled in muter configuration mode, every router 
in area MUST have authentication enabled. Since R3 does NOT Inn c 
authentication enabled, R2 will NOT form an adjacency with R3, therefore, they 
will NOT exchange updates. 



Task? 

Configure these routers such that every router has every prefix advertised in this topology 
in their routing table and Link state database. 



On R3. R4 and R5 



CCIE R&*> by Narblk KuL-huriuiw AdtuicedCCIE R&S Work Book 2,11 Page 480 of 1068 

C2009 Narbik Kucha runs. All rijliu raerved 











(config-routcr)#arca authentication message-digest 
To verify the configuration: 

On R2 

R2#Show ip route ospt' Inc 

1. 1 . i .0 L 1 1 0/65] via 10.1 . 12. 1 , 00:01 :01 , Serial 0/0. 21 
3.3.3.0 [110/65] via 10.1.23.3,00:01:01, Serial 0/0. 23 
4.4.4.0 [ 110/129] via 1 0. 1 . 23. 3, 00:0 1 :0 1 , ScrialO/0.23 
5.5.5.0 [110/193] via 10.1.23.3, 00:01:01,ScrialO/0.23 
1 0. 1 .45.0 [110.. 1 92] via 1 0. 1 .23.3, 00:0 1:01, ScrialO/0.23 
10. 1.34.0 [110/128] via 10.1.23.3, 00:01:01, ScriaK)/0.23 

Note once the authentication is enabled on the other routers, they will form 
adjacency and exchange mutes. 






Task 8 

Remove the configuration from the previous task and reconfigure R2 such that every 
router has every prefix advertised in this topology in their routing table and Link state 
database. DO NOT remove the authentication that is applied to the link between Rl and 
R2. 






On R3. R4 and R5 

(config-routcr^No area authentication message-digest 

To verily the configuration : 

On R2 

R2#Show ip route ospf Inc O 

1. 1 . 1 .0 L 1 1 0/65] via 10.1 . 12. 1 , 00:00:06, ScrialG'0.21 

To configure this task, we must disable authentication on the interface facing R3 
using the "IP OSPF authentication null" interface configuration command, meaning 
that there is no need to have authentication passed ,23 interface of R2. Therefore, 
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R3, R4 and' or R5 do NOT need to have authentication enabled. 

On R2 

R2i;config)#intS0/0.23 

R2(config-subif)#ip ospf authentication null 

I o verify the contlauration: 

On R2 

R2#Show ip route ospf Inc 

1. 1 .1.0 [110/65] via 10.1. 12.1, 00:03:02, Serial 0/0. 21 
3.3.3.0 [110/65] via 10.1.23.3,00:03:02, ScrialO'0.23 
4.4.4.0 [110/129] via 10.1.23.3, 00:03:02, ScrialO/0.23 
5.5.10 [11 0/ 1 93] via 10.1 . 23.3, 00:03:02, Serial0'0.23 
10. 1.45.0 [110/192] via 10.123.3, 00:03:02, ScrialO/0.23 
O 10. 1.34.0 [110/128] via 10.123.3,00:03:02, ScrialOO.23 






Task 9 

Re-configure the authentication password configured in task 6 to be "CC1ERS" without 
interrupting the links operation. 






To see the current configuration: 
On Rl 

R l~Show run int SO 0. 12 1 b interface 

interface ScrialO/0.12 point-to-point 
ip address 10. 1.12.1 255.255.255.0 

ip ospf messaye-digesl-key 1 md5 ccie 
f ram c- relay i ntcrfacc-d lei 102 

On R2 

R2*Showrun inter SO D.2 1 h interface 
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interface ScrialO/OJZl point-to-point 

ip address 10. 1. 12.2 255.255.255.0 

ip ospl - message-digest-key 1 md5 ccie 
frame-relay intcrfacc-dk'i 201 

R2nSho\v ip route ospt' lnc() 

1. 1.1.0 [110/65 J via 10.1.12.1, 00:06:26, ScrialO 0.21 

13.3.0 [110 65] via 10.1.23.3,00:06:26, ScrialO/0.23 

4.4.4.0 [110 129 J via 10.1.23.3, 00:06:26, ScrialO/0.23 

5.5.5.0 [110/ 193] via 10.1.23.3, 00:06:26, SerialO'0.23 

10.1.45.0 [110/192] via 10.123.3,00:06:26, Scrial0/023 

10.1.34.0 [110/1281 via 10.123.3,00:06:26, ScrialO/0.23 

To eh a n ae the passwords without any interruption to the link the second key is 
en It. 1 red with tin. 1 required passu urd: 

On kl 



Rl(config)#intS0 0.12 

Rl (eonfig-subif)#ip ospl message- digest- key 2 MD5 CC1ERS 

To verify the configuration: 

On kl 

R l~Show ip ospf inter SO 0. 12 1 b Message 

Message digest authentication enabled 
Youngest key id is 2 

Rollover in progress, 1 neighbor!, s) using the old key(s): 
key id 1 

Note even though the second key (key 2) is only configured on Rl, Rl and R2 are 
still authenticating based on the first key (key I), this is revealed in the second line. 
But the router knows that the second key is configured (The second line in the above 
display) and it knows that the rollover is in progress (The third line), but the other 
end (R2) has not been configured yet. 

On k2 

R2i;config-subif)#int SO '021 

R2iconfig-il>ip ospl message- digest- key 2 MD5 CC1ERS 
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To verify the configuration: 

On R2 

R2*Sh ip ospf inter SO 0.21 b Message 

Message digest authentication enabled 
Youngest key id is 2 

Xote once R2 is configured, both routers (Rl and R2> hi 1 1 snitch over and use (lie 
second key for their authentication. 

On Rl 



Rl^Show ip ospf interface SO/0.12 I b Message 

.Message digest authentication enabled 
Youngest key id is 2 

Once Rl and R2 rollover is completed and both routers display the same youngest 
key without the "rollover in progress" message, we can safely remove the prior key, 
in this case key id 1. Remember that the newest key is NOT determined based on the 
numerical higher value. 

On Rl 



Rl^Show run int SO/0. 12 I Ine ip ospf 

ipospf message-digest- key 1 mdSccic 

ip ospf message-digest- key 2 md5 GOERS 

Rl(config)#intS0/0.12 

RI(config-SLibif)#NO ip ospf mcssagc-digcst-kcy 1 md5 ccic 

On R2 

R2r*Show run int SO 0.21 Inc ip ospf 

ip ospf mcssagc-digcst-kcy I md5ccic 

ip ospf mcssagc-digcst-kcy 2 md5 GOERS 

R2(con%)# int SO/0.21 

R2(config-subif)#NO ip ospf mcssagc-digcst-kcy 1 mdS CC1KRS 
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Task 10 

Remove the configuration from the previous task and task 8 and reconfigure MD5 
authentication between Rl and R2 such that every router has every prefix advertised in 
this topology in their routing table and Link state database. DC) NOT use any router 
configuration mode command to accomplish this task. 



On Rl and R2 

(con±ig)rrroutcrospf I 

(conlig-routcr)#NO area authentication message-digest 

On R2 

R2(config)#int SO/0.23 

R2(config-subif)#NO ip ospf authentication null 

Note the following command enables authentication directly under the .21 interlace 
and NOT in router configuration mode 

R2(config)#intS0.0.2I 

R2(config-subif)#ip ospf authentication message-digest 

On Rl 



RI(config)#intS07u\12 

Rl (config-SLibif)#ip ospf authentication message-digest 



To verify the configuration: 



On Rl 

Rl^Show run inter SO/0.12 Inc ip ospf 

ip ospf authentication message- digest 

ip ospf message-digest- key 2 md5 GOERS 

On R2 

R2#Show run int SO/0. 2 1 Inc ip ospf 

i p o sp f au t he nt katio n messagc-d iges t 

ip ospf mcssagc-djgcst-kcy 2 mdf CC'IERS 
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Note uIil'ii authentication is enabled directly under a given interface, it no longer 

needs to be enabled on all other routers in that area. When authentication is enabled 
directly under a given interface, it's called per-interface authentication. 

To test the configuration: 



On Kl 

R1#Show ip route ospf inc O 

2.22.0 [110/651 via 10.1.12.2,00:14:36, ScrialOO. 12 
3.3.3.0 [110/129] via 10.1.12.2, 00:14:36, ScrialO/0.12 

4.4.4.0 [110/193] via 10.1. 12.2, 00: 14:36, ScrialO/0.12 
5.5.5.0 [110/257] via 10.1.12.2, 00:14:36, ScrialO/0. 12 
10. 123.0 [110/128] via 10. 1.122, 00:14:36, ScrialO/0.12 
10.1.45.0 [110/256] via 10. 1.12.2, 00:14:36, ScrialO/0.12 
10.1.34.0 [110/192] via 10.1.122,00:14:36, ScrialO/0.12 

On R2 

R2#SjjOW ip route ospf ! Inc O 

1. 1.1.0 [110/65] via 10.1.12.1,00:17:32, ScrialOO. 21 
3.3.3.0 [110/65] via 10.123.3,00:17:32, ScrialQ 0.23 

4.4.4.0 [110.129] via 10.1.23.3, 00:1 7:32, ScrialO/0. 23 
5.5.5.0 [110/193] via 10.1.23.3, 00:1 7:32, ScrialO/0. 23 
10.1.45.0 [110/192] via 10.123.3,00:17:32, ScrialO/023 
10. 1.34.0 [110/128] via 10. 1.23.3, 00:17:32, ScriaK)/0.23 



Task 11 

Re- configure the routers using the following chart, Configure OSPF router- id of the 
routers to be based on their Loop back interfaces' IP address, ensure that every router has 
every prefix advertised in this routing domain in their routing tabic and Link state 
database: 



Router 


Interface 


Area 


Rl 


SO/ D. 12 

Loopback 







R2 


SO/0.21 
SO/0.23 




i 
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Loopback 


1 


R3 


SO/0.32 

SO ■'0.34 
Loopback 


1 

2 
2 


R4 


SO/0.43 

SO/ 0.45 
Loop buck 


2 
3 
3 


R5 


SO/0.54 
Loopback 


3 

3 



On Rl 

Rl(eonfig)#\0 router ospf I 

Rl (configure) utcr ospf I 

Rl (corifig-routcr)#rout cr-id 1 . 1 . 1 . 1 

Rl(config-routcr)#nctw 10.1.12.1 0.0.0.0 arcaO 
Rl .(conf:g-routcr)#nctw 1.1.1.1 0.0.0.0 area 

Rl(config)#intS0..t).12 

Rl(eonfig-sub)#NO ip ospf message-digest key 2 CC1ERS 

On R2 

R2(config)#\0 router ospf 1 

R2(config)#routcrospf I 

R2(c on tig -router)?* rout cr-id 2.2. 2.2 

R2i;eonfig-roLiter)#nctw 10.1.12.2 0.0.0.0 arcaO 
R2i;config-roLitcr)#netw 10.1.23.2 0.0.0.0 area 1 
R2(config-routcr)#nctw 2.2.22 0.0.0.0 area 1 
R2(corifig-router)#arca 1 virtual-link 3.3.3.3 

R2(config)#int SO 0.21 

R2(config-sub)#\() ip ospf message-digest key 2 CC1ERS 

On R3 

R3(config)#\0 router ospf 1 

R3(OOiiifigJ#ro utcr ospf I 

RjfconHg-roLitcdr^roLitcr-id 3.3.3.3 
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R3(config-routcr)??nct\v 10. 1.23.3 0.0.0.0 area 1 
R3(config-routcr)??nctw 10.1.34.3 0.0.0.0 area 2 
R3(config-routcr)?' t nctw 3.3.3.3 0.0.0.0 area 2 
R 3 (c o n fig-ro u t cr)??ar ca 2 vi rtua 1- li nk 4 .4 . 4. 4 
R 3 (con fig-ro utcr)??arca 1 virtual- link 2J2.2.2 

On R4 

R4(config)??\0 router ospf 1 

R4 (c o n fig )~ router o sp 1* 1 
R4(config-routcr)?? router-id 4.4.4.4 

R4 (con fig-ro utcr)??nct\v 10.1.45.4 0.0.0.0 area 3 
R4 (con fig-ro utcr)#nctw 4.4.4.4 0.0.0.0 area 3 
R4(config-routcr)ri ! net\v 10.1.34.4 0.0.0.0 area 2 

R4 1 c o n fig-ro u ter)#arca 2 vi rtua 1- li nk 3.3.3.3 

On R5 

R5(config)??\0 router ospf 1 

R5 (c o n fig)?? ro u tcr o sp f 1 
R5(config-routcr)??rautcr-id 5.5.5.5 

R5 (c o n fig-ro u tcr)??nct\v 1 . 1 . 45 . 5 0. . . area 3 
R5(config-routcr)#nct\v 5.5.5.5 0.0.0.0 area 3 



To verify the configuration: 

On Rl 

Rl??Show ip route ospf Inc 

O I A 2 . 2.2.0 [ 1 1 0/6 5J v ia 1 . 1 . . 1 2 .2, 00 :00 : 32, ScrialQ.'O . 1 2 

IA 3.3.3.0 [110129] via 10.1 ..12.2, 00:00:32, Scrial0/0.12 

O [A 4.4.4.0 [110; 193] via 10.1.12.2, 00:00:32, Scrial0/0.12 

IA 5.5.5.0 [110 ,'257 J via 10.1.122, 00:00:32, Serial0/0.12 

IA 10.1.23.0 [110/128] via 10.1.12.2, 00:00:32, ScrialO/0.12 

IA 10.1.45.0 [110/256] via 10.1. 12.2, 00:00:32, ScrialO/0.12 

OlA 10.1.34.0 [IIP 192] via 10.1.12.2,00:00:32, ScnalO.0.12 
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On R5 










R5#Show ip 


route ospf 


IncO 






OIA 


I.I. 1.0 [110/257 


J via 10 


.1.45.4, 00:0 1:50 


ScrialO/0.54 


OIA 


2.2.2 


.0 [11 0.1 .93 


j via 10 


1.45.4. 00: 01:50 


ScrialO/0.54 


OIA 


3 3 1 


.0 [110 129 


] via 1 


1. 45.4 ,00:0 1:59 


ScrialO/0.54 





4.4.4.0 [110 65; \ 


ia 1 . 1 . 45 . 4 , 00 : 1 : 5 9 , Serial 0' . 54 


OIA 


10.1 


12.0 [11 0/2 


56] via 


10.1.45.4, 00:01: 


50, ScrialO/0.54 


OIA 


10.1 


23.0 [110/1 


92] via 


1 0.1. 45.4, 00:01: 


50, Serial 0'0. 54 


OIA 


10.1 


34.0 [110/1 


28] via 


10.1.45.4,00:01: 


59, Serial 0/0. 54 



task 12 

Configure MD5 authentication on the link between Rl and R2 in area 0, the password lor 
this authentication should be set to Micron ics, you should use router configuration mode 
to enable authentication. 



On Rl and R2 

(confag)#routcrospf 1 

(config-routcr^arca authentication message-digest 

On Rl 



RI(config)#intS0 0.12 

R 1 (c o n fig-s ub if)#ip o sp f mes sagc-d igest-k cy 1 md 5 M icro n ic s 

On R2 

R2(config)#intS0D.21 

R2(config-subif)#ip ospf message-digest -key I md5 Mkxonies 



To verify the configuration: 



On R2 

R2r*Show ip route ospf Inc 

1.1.1.01 110 65; via 10.1.12.1,00:02:32, ScnaiO.0.21 
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Note III does not have tiny other prefix in it's routing table, this is because 
authentication is enabled directly under the router configuration mode of Rl 
and R2 and NOT the other area routers. Enter the following commands to 
enable authentication on the other area routers: 



On R3 and K4 

(con:tig)#routcr ospf 1 

(config-routcr^arca authentication message-digest 

When a virtual-link is created (in a given ABR that router becomes an area 
router, therefore, routers R3 and R4 must have authentication enabled. 

To verify the configuration: 

On \15 

R5#Show ip route ospl' Inc O 

1 A i . 1. 1.0 [110:257] via 10.1.45.4, 00:06:30, ScrialO/0.54 

O 1 A 2.2.20 [110.. 193] via 10.1 .45.4, 00: 14:04, ScrialO/0.54 

1A 3.3.3.0 [110/129] via 10.1.45.4, 00:14:04, ScrialO/0.54 

4.4.4.0 [11 0/65 J via 10.1.45.4, 00: 14:04, SerialO'0.54 

O 1A 10.1.12.0 [110 256] via 10.1.45.4, 00:06:30, ScrialO'0.54 

O 1A 10.1.23.0 [110/192] via 10.1.45.4,00:14:04, ScrialQ/0.54 

O 1A 10.1.34.0 [110/128] via 10.1.45.4,00:14:04, ScrialO/0.54 



Task 13 

Remove all authentications and configure MD5 authentication on the link between R I 
and R2 using "Micron ics" as the password. Ensure that every router in this routing 
domain has all the prefixes advertised by all the other routers in their routing tabte and 
link state database. You should NOT configure the other routers to accomplish this task. 



On RL K2. R3 and K4 

(config^routcrospf 1 

(config-routcr')r i N(> area authentication message-digest 
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On Rl 

Rli;config-router)#int SO/0. 12 

Rl (config-subif)#ip ospf authentication message-digest 

R 1 (c o n fig-s Lib if)#i p o sp f mcs sagc-d igcst-k cy 1 M ic ro n ic s 

On R2 

R2(config)#intS0 0.2l 

R2(config-subif)#ip ospf authentication message-digest 

R2(ccmfig-subif)#ip ospf mcs sagc-d igcst-k cy 1 Micro nics 



To verify the configuration: 



On Rl 

Rlf»Show ip route ospf i lnc O 

IA 2.2.2.0 [1 10/65] via 10.1.12.2, 00:0 1:41, ScrialO/0.12 

[A 3.3.3.0 [110/129] via 10.1.12.2,00:01:42, Scrial0/0.12 

1A 4.4.4.0 [110/193] via 10.1.12.2,00:01:42, SerialO/0.12 

1A 5.5.5.0 [110/257] via 10.1.122,00:01:42, ScrialO/0.12 

O IA 10.1.23.0 [110/128] via 10.1.12.2,00:01:42, ScrialO/0.12 

IA 10.1.45.0 [110/256] via 10.1.12.2,00:01:41, ScrialO/0. 12 

OLA 1 0. 1. 34.0 [110/1 92] via 10.1. 12.2, 00:0 1:41, ScrialO 0.12 

On \15 

R 5" Show ip route ospf ' lnc O 

OIA 1.1.1.0 [110/257] via 10.1.45.4, 00:02:36, ScrialO.. 0.54 

1 A 2.2.2.0 [110/193] via 10.1.45.4, 00:02:36, ScrialO/0.54 

1 A 3.3.3.0 [110.129] via 10.1.45.4, 00:02:45, ScrialO/0.54 

4.4.4.0 [110/65] via 10.1.45.4,00:02:45, ScrialO'0.54 

IA 10.1.12.0 [110/256] via 10.1.45.4,00:02:36, ScrialO'0.54 

IA 10.1.23.0 [110/192] via 10.1.45.4,00:02:36, ScrialO/0.54 

IA 10.1.34.0 [110/128] via 10.1.45.4,00:02:45, ScrialO/0.54 

Note when configuring per- interface authentication, the other routers on the OSPF 
rout in u domain do not need to have authentication enabled. 
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Task 14 

Erase the startup configuration and reload the routers before proceeding to the next lab. 
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Lab 4 
OSPF Cost 




so/ai: 
, I 



Ar£3_Q 



v 



\ 




\ 



I 
I 

10y1.iaO/24 / 




Lab Setup: 

> Configure R2 and R3 in Vlan 23 

> Configure the frame- relay connection between Rl and R2 in a point-to-point 
manner. 



Ip ad dressing 



Router 



Interface and IP address 



R 



Lo0 = 1. 1.1. 1 8 

SO 0.12 = 10. 1.12.1 24 



R2 



Loll = 2.2.2.2 fa 
SO/0.21 =10.1.12.2 '24 
F0/0= 10.1.23.2/24 



R3 



Lo0 = 3.3.3.3 ■« 
F0 0= 10.1.23.3 24 
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Task I 

Configure all three routers in OSPF area and advertise their directly connected 
networks in this area. Ensure that all routers have XLR] to every advertised network. 
Ensure that loopback interface's is advertised with their correct mask. 



On Kl 

R 1 (c o n fig)#ro u t cr o sp f I 

Rl i;config-routcr)#netw 0.0.0.0 0.0.0.0 arc 

R 1 (c o n fig-r o u t cr)#in t loO 

Rl (config-if)#ip ospf net point-to-point 

I his task is asking us to ensure that the loopback interfaces are advertised with 
their correct mask, one nay to accomplish this task is to change their network type 
to point-to-point. 

On R2 

R2(conf]g)#routcr ospf I 
R2i;config-routcr)*nctw 0.0.0.0 0.0.0.0 arc 

R2(config-routcr)#int loO 

R2 (c o n fig- if)#i p o sp f n ct wo r k p a in t -t o - no i nt 

On R3 

R3(config)#routerospf I 
R3i;config.routcr)#nctw 0.0.0.0 0.0.0.0 arc 

R3 (c o n fig-r o u t cr)#in t loO 

R3 icon fig- if)#ip ospf network point-to-point 

To verify the configuration: 

On Rl 

Rl^Show ip route 

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP 

D - E1GRP, EX - E 1GRP external, O - OSPF, 1A - OSPF inter area 

Nl - OSPF NSSA external type 1 , N2 - OSPF XSSA external type 2 
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El - OSPF external type 1, E2 - OSPF external t>pc2 
i - IS-IS, su - IS-IS summary, LI - 1S-1S lcvcl-i,*L2 - IS-IS lcvcl-2 
ia - IS- IS inter area. * - candidate default, L' - per- user static route 
o - ODR. P -periodic downloaded static route 

Gateway of last resort is not set 

C 1.0.0. 0/8 i s di roc t h, r co n n cc ted , Log p b ac kO 

2.0.0.0 8 [110'65]'via 10.1.122,00:00:16, ScrialO/0.12 

O 3.0.0.0/8 [110 66] via 10.1.122, 00:00:16, ScrialO/0.12 

10.1.0.024 issubnetted, 2 subnets 
C 10. 1.12.0 isd ircctly connected, ScrialO/0. 12 
O 10. 123.0 [11 0/65 J via 10. 1.122, 00:00:1 6, Serial 0/0. 12 






Task 2 

Configure Rl such that it advertises a cost of 20 tor it's loopback interface. 






You should check the cost ol ne-hvork 1.0.0.0 /8 that is advertised to R2 by Rl. 

On R2 

R2"Sho\v ip route 

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP 

D - EIGRP, EX -E1GRP external, O - OSPF, IA - OSPF inter area 
XI - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 
El - OSPF external type 1, E2 - OSPF external type 2 
i - IS-IS, su - IS-IS summary, LI - 1S-1S lcvcl-l,"L2 - IS-IS lcvcl-2 
ia - IS-IS inter area. * - candidate default, L' - per- user static route 
o - ODR. P -periodic downloaded static route 

Gateway of last resort is not set 

O 1.0.0.0/8 [110/65] via 10.1.12.1,00:01:24, ScrialO/0.21 

C 2.0.0.0/8 is directly connected, LoopbackO 

O 3.0.0.0/8 [ 110/2] via 10.1 .23.3, 00:0 1 :24, FastEthcrnctO/0 

1 11 1 .0.0 24 is subnet ted, 2 subnets 
C 10. 1.12.0 is directly connected, ScrialO/0.21 
C 1 0. 1 23.0 is directly connected, FastEthcrnctO 




cc 
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Note, the cost of the loophack interface is 65: this is the result of ad dint; the cost oi 
the serial interface (100,000,000 / 1,544,000 = 64, remember to drop the decimal 
points) plus the cost of the loopback interface (100,000,000 / 8000,000,000 = 1, 

remember that you can't use decimals, therefore, you should round up to 1), 

Enter the following to change the cost of the loO interface on Rl: 

On Rl 

Rl(config-ii>int loO 

Rl (config-if)£ip ospf cost 20 

To verify the conf'iaumtion: 

On R2 

R2#Show ip route 

Codes: C - connected, S - static, R - RIP, M - mobile, B - BOP 

D - E1GRP, EX -E1GRP external, ■ OSPF, 1A - OSPF inter area 
XI - OSPF NSSA external type I , N2 - OSPF NSSA external type 2 
El - OSPF external type I, E2 - OSPF external type 2 
i - 1S-1S. su - 1S-1S summary, LI - 1S-1S level- 1.L2 - 1S-1S lcvcl-2 
ia - IS-1S inter area. * - candidate default, U - pcr-uscr stalk route 
o ■ ODR, P ■ periodic downloaded static route 

Gateway of last resort is not set 

() 1.0.0.0/8 jl 10/84] via 10. 1. 12. 1, 00:00:07, ScrialO'0.21 

C 2.0.0.0/8 is directly connected, LoopbackO 

O 3.0.0.0/8 [110/2] via 10.1.23.3, 00:00307, FastEthcrnctO/0 

1 0.1 .0.0/24 is SLibnettcd, 2 subnets 
C 1 0. 1 .12.0 is directly connected, ScrialO'0. 21 
C 1 0. 1 .23.0 is directly connected, FastEthcrnctO 

Note, the cost after the configuration is 84, which is the sum of 64 (The cost of the 
serial interface) plus 20 (Which is the cost of the loO interface). 
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Task 3 

In the future a gigabit interface will be installed on one of the routers in this routing 
domain. Ensure that the costs of the other interfaces arc adjusted proportionally. 






On All Routers 

(config-if)#routcrospf 1 

(config-ro utcr")** auto- cost reference-bandwidth 1000 

#Clcar ip ospf proc 

Reset AL L OSPF processes? [no J: y 

By default, OSPF calculates the cost of an interface by dividing the bandwidth of the 
interface into 10(1 million. Using the default value, when your network has interfaces 
with a bandwidth greater than 100 million is not recommended, because, OSPF will 
not be able to differentiate between lOOmbps interface and an interface with a 
bandwidth that is greater than lOOmbps, "IP OSPF COST" command enables you 
to change the OSPF cost for an interface, but a better way to accomplish this is to 
change the default reference value used to calculate the OSPF cost of an interface. 
This value can be modified using the command "auto-cost reference-bandwidth". If 
you are planning to use this command, remember that every router in the OSPF 
routing domain must be configured as well. 






Task 4 

Remove the command configured in task3. 






On All Routers 

( co nlig-ifjrrro Liter ospf 1 

(config-routcr)#NO auto-cost reference-bandwidth 1000 

(config)#End 

#Clcar ip ospf proc 

Reset ALL OSPF processes? [no J: y 




cc 
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Task 5 

Configure the routers such that the Fast Ethernet interface of these routers will have a 
cost of 70. The other interfaces should have their cost calculated proportionally. 



On All Routers 

(config-rautcr)#roLitcr ospf 1 

i .:un] : .ir-[-;jLii ltj^ auto- cost reference-ban duidtli 7000 

The equation used by OSPF is as follows: 

Reference.' Ban dv^idth = Cost 

Rearranging the formula, we get the following equation: 

Reference = Cost X Bandwidth = 7(1 X 100,000.000 = 7,0011,000,000 

Reference is in units of Mbps, and by default its set to 100 which means 100,000,000 
bps, now we have to divide the result by 1000,000 to get the actual reference, which 
is 7000. 

So the cost reference should be changed to 7000 
To verify the config uratiun: 

On K3 

R 3;* Show ip ospf in t tD/Q 

FastEthcrnctuVO is up, line protocol is up 

Internet Address 10.1.23.3/24, ArcaO 

Process ID L Router ID 3.3.3.3 r Network Type BROADCAST, Cost: 70 

Transmit Delay is 1 sec, State BDR, Priority 1 
(The rest of the output is omitted) 



Task 6 

Erase the startup config and reload the routers before proceeding to the next lab. 
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\ 



Area 



/ 



s 



l.al> setup: 



^ C o n iia u rc R2 ' FO/0 and R3 ! s F 0/0 in V L AN" 23 



■- 



> Configure the frame-relay connection between R I, R2 and R3. R4 in a point-to- 
point manner. 
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I V Addressing 



Router 


Interface 


IP address 


Area 


Rl 


I ..::. IJ 


1.1.0.1/24 


Area 1 




Lol 


1.1.1.1/24 


Area 1 




Lo2 


1.1.2.1/24 


Area 1 




Lo3 


1.1.3.1/24 


Area 1 




SO/0.12 


10.1.12.1 /24 


Area 1 


R2 


Lfifl 


2,2,2,2 K 


Area 




SO/0.21 


10.1.12.2/24 


Area 1 




FO/0 


10. 1.23.2 ,'24 


Area 


R3 


LoO 


3.333 m 


Area 




SO/0.34 


10.1.34.3/24 


Area 2 




PO/O 


10. 1.23.3 ,.24 


Area 


R4 


LoO 


4.4.0.4 '24 


External 




LciL 


4.4.1.4/24 


External 




L«2 


4.4.2.4/24 


External 




Lo3 


4.4.3.4 '24 


External 




Lo4 


4.4.4.4 24 


.Area 2 




SO .'0.43 


10.1.34.4/24 


Area 2 



Task I 



Configure the routers as follows: 



P 



r 



R4 should redistribute the lour loopback interlaces (4.4.0.4 .'24 -4.4.3.4 .'24) in 

the OSPF routing domain. 

R4 should advertise it's Loopback 4 and Frame-relay interlace in Area 2. 

R 1 should advertise all of its interfaces an OSPF area 1 . 

R2 should advertise itsLoopbackO. F0 /'() interface in area and the frame-relay 

interlace in area I . 

R3 should advertise its LoopbackO, F0.0 interface in area 0, and its frame- relay 

interlace in area 2. 



On Rl 

R!(config)#routcrospf 1 

Rl (c o n fig-router)?* nctw 0.0.0.0 0.0.0.0 area 1 

On R2 

R2(config)#ro Liter ospf 1 
R2iconfia-routcr)snct\v 2.2.2.2 0.0.0.0 arc 
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R2(config-routcr)#nctw 10.1.23.2 0.0.0.0 arc 
R2i;config-routcr)£nctw 10. 1. 12.2 0.0.0.0 arc 1 

On R3 

R 3 ( c o n fig)#ro liter o sp f I 
R3[config-rautcr)f*nctw 3.3.3.3 0.0.0.0 area 
R3i;config-routcr)**nctw 10.1.23.3 0.0.0.0 arcaO 
R3i;config-router)#nctw 1 0. 1.34.3 0.0.0.0 area 2 

On R4 

R4(config)#acccss-list 4 permit 4.4.0.0 0.0.3.255 

R4(config)**ra Lite- map TEST permit 10 
R4(c on fig-route- map)** match ip addr 4 

R4(config-if)#routcr ospf 1 
R4(config-routcr)#nctw 4.4.4.4 0.0.0.0 arc 2 
R4(config-routcr)#nctw 10.1.34.4 0.0.0.0 arc 2 
R4(config-routcr)#rcdistributc connected subnets route-map TEST 

When redistributing routes into OSPF, the subnets keyword will redistribute all the 

subnets into OSPF. if this kej w ord is omitted, then only elassful networks \vill be 
redistributed into OSPF. 



Task 2 

Configure the OSPF routers such that the external routes arc summarized. 



On K4 

R4(config)rrrouterospf 1 

R4 fc o n fig-ro u tcr)#su mmary -add re ss 4 . 4 . .0 25 5 .2 5 5 .2 52 .0 

In OSPF, summarization can be configured on two types of routers: ABR.'s 
and/or ASBRs. The internal OSPF routes can only be summarized on ABRs 
whereas the external (redistributed) routes can only be summarized on ASBRs. 
When summarizing internal routes on ABRs the "area xx range"* command must 
be used, where xx is the area id. Summarization on ASBR can be accomplished 
by using the "summary-address" command. 
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To verify the configuration: 

On R3 

R3#Show ip route 

Codes: C - connected, S - Static, R - RIP, M - mobile, B - BGP 

D - E1GRP, EX - E 1GRP external, - OSPF, ] A - OSPF inter area 
M - OSPF NSSA external type I , N2 - OSPF NSSA external type 2 
El - OSPF external type 1, E2 - OSPF external t>pc2 
i - IS-1S, su - 1S-1S summary, LI - 1S-1S lcvcl-l,'L2 - 1S-1S lcvcl-2 
ia - IS-1S inter area, * - candidate default, L* - pcr-uscr static route 
o - ODR, P - periodic downloaded static route 

Gatftway of last re sort is not set 

1 .0.0.0/32 is subnetted, 4 subnets 
OIA 1. 1. I.I L 1 10/66] via 10.1.23.2, 00: 13: 18, FastEthcrnctQ-'O 
O IA 1 . 1 . 0. 1 [ 1 10/66] via 10.1 .23.2, 00: 1 3: 1 8, FastEthcrnctO 
OIA 1 . 1 . 3. 1 [ 1 1 0/66] via 10.1 .23.2, DO: 1 3:1 8, FastEthcrnctO/0 
OIA 1 . 1 . 2 . 1 [ 1 1 0/6 6] via 1 . 1 . 23 . 2 , 00 : 13: 1 8, FastEt hcrnctO/0 

2.0.O.O'32 is subnetted, I subnets 
O 2222 [110/2] via 10.1.232, 00:13:50, FastEthcrnctO/0 
C 3.0.0.0/8 is directly connected, LoopbackO 

4.0.0.0/8 is variably submitted, 2 subnets, 2 masks 
() 4.4.4.4/32 1110/651 via 10.1.34.4, 00:13: 19, SerialO/0.34 
C) E2 4.4.0.0/22 |U0/20| via 10.1.34.4, 00:00:06, SerialO/0.34 

1 0. 1 .0.0/24 is subnetted, 3 subnets 
O LA 10. 1. 12.0 [110/65] via 10.123.2,00:13:19, FastEthcrnctO/ 
C 10. 1 .23.0 is directly connected, FastEthcrnctO. 
C 1 0. 1 .34.0 is directly connected, Serial 0/0. 34 

Note the external routes are summarized. 



Task 3 

Configure Area 1 such that networks (1.1.0.0 24, I.I. 1.0 24, 1.1.2.0/24 and 1.1.3.0 ,24) 
arc summarized into the OSPF routing domain. 



On R2 
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R2(config-routcr)#routcr ospf 1 
R2(config-routcr)#arca 1 range 1.1.0.0 255.255.252.0 

Note these routes are originated by Rl, but they can only be summarized by the 
ABR, in this topology the ABR is R2. Since the routes that are being summarized 
originated in area 1, the "area range" command must specify the area "area 1 
ran ae '' followed by the summary network address (1.1.0.(1) and then the subnet 
mask (255.255.252.0). 



Task 4 

The routers should NOT install a null route in the routing table when they summarize 
internal or externa! routes. 



In OSPF, the discard route is created automatically whenever a summary route is 
configured, there are rWB types of summary routes: Internal and External. 
When internal summary routes are configured, OSPF will inject an internal discard 
route, and \*hen an external summary route is configured, the OSPF process xn.il I create 
an external discard route. The discard routes are created to stop fonvarding loops. 

On R2 

R2#Show ip route 

Codes: C - connected, S - static. R - RIP. M - mobile. B - BOP 

D - EIGRP, EX -EIGRP external, - OSPF, LA - OSPF inter area 
M - OSPF NSSA external type I , N"2 - OSPF NSSA external type 2 
El - OSPF external type I, E2 - OSPF external type 2 
i - IS-1S, su - 1S-1S summary, LI - 1S-IS level- 1, L2 - IS-1S lcvcl-2 
ia - IS- IS inter area;, * - candidate default, U - per- user static route 
o - ODR. P -periodic downloaded static route 

Gateway of last resort is not set This is the internal discard route 



1.0.0.0/8 is variably subnetted, 5 subnets, 2 masl 

1. 1.1.1/32 [11Q/65] via 10.1. 12. 1,00:1 3:53,£efial0 0.21 

O 1.1.0.0/22 is a summary, 00:13:53, Nu 110 

1.1.0. 1/32 [ 1 1 Q'65J via 10.1. 12. 1, 00: 1 3:53, Serial 0/0.21 

1 . 1.3. 1/32 [1 1065] via 10.1. 12.1, 00:13:53, Serial 0/0. 21 

O 1 . 1.2.1/32 [1 10'o5] via 10.1 . 12. 1, 00:13:53, ScrialQ/0.21 

C 2.0.0.0 8 isdircctly connected, LoopbackO 



CCIE R&$ by Narbik Koehariaiis Advanced CC1E R&S Work Book 2.11 Page 503 of 1068 

C 2009 MirbikKuchiriiiM. All riflhU rcirrved 



3.0.0.0/32 is subncttcd, I subnets 
3.3.3.3 [110/2] via 10.1.23.3,00:13:54, FastEthcrnctO. 

4.0.0.0/8 is variably subncttcd., 2 subnets. 2 masks 
1 A 4.4.4.4/32 [ 110/66] via 10.1 .23.3, CO: 1 3:54, FastEthernctO/0 
O E2 4.4.0. Q'22 [110/20] via 10.1.23.3, 00:13:54, FastEthernctO'O 

10.1.0.0/24 is subncttcd, 3 subnets 
C 1 0. 1 .12.0 is directly connected, ScrialO/0.21 

C 10. 1 23.0 is directly connected, FastEthcrnctO/0 

O IA 10.1.34.0 [11 0/65]" via 10.1.23.3, 00:13:55, FastEthcmctO/0 

On R2 

R2(config)#routcrospf I 
R2iconf]g-routcr)#N(> discard- route internal 

The discard route that we are discarding is the result of summarizing the internal 
routes, therefore we need to specify internal. 

To Verify thi' configuration: 



On K4 

R4 (c o n fig)#ro u t cr o sp f 1 
R4(config-routcr)r#N(> discard-i"oute external 

In the above command we are discarding the external discard-route that was created as 
a result of summarizing the external mutes. 



TaskS 

Erase the startup con fig and reload the routers before proceeding to the next lab. 
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L.ali Set up: 

>" L'sc the IP addressing chart below to assign IP addresses to the interfaces. 

> The frame-relay connection between Rl and R2 should be configured in a point- 

ii.j-pi.vni manner. 

> R2 and R3's FO/0 interface should be configured in VLAN 23. 

J* 1, The frame-relay connection between R3 and R4 should be configured in a point- 
to-point manner. 

> R4 and R5's FO/0 interface should be configured in VLAN 45. 
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IP Addressing: 



Router 


Interface 


IP address 


Ri 


LoO 


1.1.1.1 ,24 




Lol 


10.1. I.I 24 




F R interface 


10.1.12.1 /24 


R2 


LoO 


2.2.2.2/24 




Lol 


20.2.2.2/24 




FO'O 


10.1.23.2 /24 




F/R interface 


10.1.12.2 '24 


R3 


LdO 


3.3.3.3/24 




Lol 


30.3.3.3 ^4 




FO/0 


10.1.213/24 




F R interlace 


10. 1.34. 3. 24 


R4 


LoO 


4.4.4.4/24 




Lol 


40.4.4.4 .'24 




FO'O 


10.1.45.4 '24 




F/R interlace 


10.1.34.4 ,'24 


R5 


LoO 


5 5 s s f24 




FO 


1 0.1. 4 5. 5. '24 



Task I 



> R I's Loop back I interface should be advertised in area 3 and its Frame- re lay and 
LoopbackO interface should be advertised in area 1 

> R2 : s LoopbackO and its frame- relay interface should be configured in area 1 and 
it's Loopbackl and FO'O interface should be configured in area 

3** R3's LoopbackO and FO'O interface should be configured in arcaO and its frame- 
relay and Loopbackl interface should be configured in area 2. 

5* R4's frame-relay and LoopbackO interface should be configured in area 2 and its 
F0/0 and Loopbackl interface should be configured in area 4. 

> R5's Loopback and F0/0 interlace should be configured in area 4. 



On RI 

Rl(config-if)#routcr ospf I 
R I (config-routcr)#routcr-id 
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config-routcr^nctw 10. 1. 1. 1 0.0.0.0 arc 3 
config-routcr}#nctw 10.1.12.1 0.0.0.0 arc 1 



Rli; 
Rli; 

RI(config-routcr)r*nct\v I.I. I.I 0.0.0.0 arc 1 



On R2 

R2(config)rrro Liter ospf I 
R2(config-ro Liter)?* router- id 2.2.2.2 
R2(config-routcr)#nctw 10.1.12.2 0.0.0.0 arc I 
R2i;config-routcr)#nctw 2.2.22 0.0.0.0 arc I 
R2i;conrig-roLitcr)#nct\v 1 0. 1.23.2 0.0.0.0 arc 
R2(config-routcr)*nctw 20.2.2.2 0.0.0.0 arc 

On R3 

R 3 i c o n fig- if)#ro ut cr o sp f I 
R3ieonfig-routcr)#routcr-id 3.3.3.3 
R3i;config-routcr)#nctw 10.1.23.3 0.0.0.0 arc 
R3 (con fig-ro utcr)#nctw 3.3.3.3 0.0.0.0 arc 
R3(confignroutcr)#nct\v 10. 1.34.3 0.0.0.0 arc 2 
R3i;config-routcr)f*nct\v 30.3.3.3 0.0.0.0 arc 2 

On R4 

R4(config)#routcrospf 1 
R4(config-rou ter)#routcr-id 4.4.4.4 
R4(config-routcr)#nctw 10.1.34.4 0.0.0.0 area 2 
R4(config-routcr)#nct\v 4.4.4.4 0.0.0.0 arc 2 
R4(config-routcr)#nctw 10.1.45.4 0.0.0.0 arc 4 
R4(config-routcr)#nctw 40.4.4.4 0.0.0.0 arc 4 

On R5 

R 5 ic o n fig)#ro u t cr o sp 1" I 
R5 (c o n fig-ro li tcr)#ra ut cr- id 5.5.5.5 
R5i;eonfig-router)#nctw 10.1.45.5 0.0.0.0 arc 4 
R5 (con fig-ro utcr)#nctw 5.5.5.5 0.0.0.0 arc 4 



Task 2 

Ensure that the routes from area 3 arc reachable by Rl , R2, R3 and R4. Do NOT use a 
GRE Tunnel to accomplish this task. 

COE R&S by Narbik Kochartans Advanced CCIE R&S Work Book 2.11 Page 507 of 1068 

C MOD Virbik Kucha rum. All rij[hU raervetl 



Area 3 is XOT connected to area 0: the other routers mm*t he ahle to see the 

route advertised by this area (10.1.1.0 .' 24). A virtual-link must he created that 

connects Rl (The ABR of area 3) to area 0. 

On Rl 



R I (c o n figure) liter sp f I 

Rl (config-routcr^arca 1 virtual- link 2 2. 2.2 

On R2 

R2 ( c o n fig)#ro u t cr o sp f I 
R2(config-routcr)p i arca 1 virtual- link I.I.I. I 

To \ 'erify the configuration: 

On R2 

R2#Show ip route 

Codes: C - connected, S • static, R - RIP, M ■ mobile, B - BOP 

D - E1GRP, EX - E 1GRP external, - OSPF, 1 A - OSPF inter area 
XI - OSPF XSSA external type 1 , X2 - OSPF XSSA external type 2 
El - OSPF external type 1. E2 - OSPF external type 2 
i - IS-1S, su - 1S-1S summary, LI - 1S-1S level- 1,'l2 - IS-1S lcvel-2 
ia - IS- IS inter area, * ■ candidate default, L" ■ per- user static route 
o - ODR, P -periodic downloaded static route 

Gateway of last resort is not set 

1 .0.0.0.24 is subnetted, I subnets 
O 1. 1. 1.0 [110/65J via 10.1.12. 1, 00:00:09, ScriaiO 0.21 

2.0.0. Q'24 is subnetted, I subnets 
C 22.2.0 is directly connected, LoopbackO 

3.0.0. 0/24 is subnetted, I subnets 
O 3.3.3.0 [110/2] via 10. 1.233, 03:00:09, FastEthcrnctO/0 

4.0.0.0/24 is subnetted, 1 subnets 
O IA 4.4.4.0 [1 1 0'66j via 10. 1.23.3, 00:00:09, FastEthcrnctO 

20.0.0.0/24 is subnetted, 1 subnets , Xole the mute from area 3 is 

C 20. 2 .2 . is d ircc tly co nn cc t cd , Loo p back-^ ad v e rt i sed 

1 .0 .0 . 0.' 24 i s suh n e It e d, 1 su h ne t s A'""" 
() I A 10.1.1.0 1110/651 via 10.1.12.1, 00:00:00, SerialO/0.21 

10.1.0.0/24 is subnetted, 3 subnets 
C 10.1.12.0 is directly connected, ScriaiO 0.2! 
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c 


1 0. 1 .23.0 


is directly connected. 


FastEthcm 


ctO/0 


OIA 


10.1.34.0 [110/651 via 10.1. 23 


3, 00:00:0 


2. FastEthcmctO 


30.0.0. 0/24 i 


& SLibncttcd, 


I subnets 






OIA 


30.3.3.0 


[110/2] via 


1 0. 1 .23.3, 


00:00:02, 


FastEthcrnctQ'O 



Task 3 

Ensure that all the advertised networks arc reachable by all the routers. L'sc any IP 
addressing and do NOT use a Virtual-link to accomplish this task. 



The routing table of R5 reveals that only network 40.4.4.0 / 24 was propagated by 

R4. The ii' a son lor this behavior is as follows: 

Area 4 does not have a connection (Logical or Physical) to area 0. 

In order to rectify this problem we must create a virtual-link, since virtual-link is 

nut allowed in this task a GRE tunnel must be used. 

To display the routing table of R5 before creating a GRE tunnel; 

On R5 

R5#Show ip route 

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP 

D - E1GRP, EX - E1GRP external, O - OSPF, LA - OSPF inter area 
XI - OSPF XSSA external type 1 . X2 - OSPF XSSA external type 2 
El - OSPF external type 1, E2 - OSPF external type 2 
i - 1S-1S, Su - 1S-1S summary, LI - 1S-1S lcvcl-1, L2 - 1S-1S lcvcl-2 
ia - 1S-1S inter area, * - candidate default, L' - pcr-uscr static route 
o - ODR, P - periodic downloaded static route 

Gateway of last resort is not set 

5.0.0.0/24 is SLibncttcd, 1 subnets 
C 5.5.5.0 is directly connected, LoopbackO 

40.0.0.0/24 is SLibncttcd, I subnets 
() 40.4.4.0 ' [110/2] via 10.1.45.4, 00:04:00, FaslEthernetO/0 

10.1.0.0/24 is SLibncttcd, 1 subnets 
C 1 0. 1 .45.0 is directly connected, FastEthcrnetO/0 

To fix this problem we must create a GRE tunnel as follows: 
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On K4 

R4 (con fig- if)#ro Liter ospf 1 
R4(config-routcr)#nctw 200.1 .34.4 0.0.0.0 arc 

R4(config)#int tul 

R4(config-if)#ip addr 200. 1.34.4 255.255.255.0 
R4(config-if)#tunncl so urce 1 0. 1. 34.4 
R4(config-if)#tunncl destination 1 0. 1. 34.3 

On R3 

R 3 (eon fig)#ro u t cr o sp f I 
R3(eonfig-roLitcr)#nct\v 200. 1 .34.3 0.0.0.0 arc 

R3(config)#int tul 

R3(config-ilVip addr 200.1.34.3 255.255.255.0 
R3 (c o n fig- if )#tu nnc 1 so urcc 1 . 1 . 34. 3 
R3(config-if)#tunncl destination 1 0. 1. 34.4 

To Verify the configuration: 

On R5 

R5#Show ip route 

Codes: C - connected, S - static, R - RIP, M - mobile, B - BOP 

D - E1GRP, EX -E1GRP external O - OSPF, LA - OSPF inter area 
XI - OSPF XSSA external type I , N2 - OSPF XSSA external type 2 
El - OSPF external type 1, E2 - OSPF external type 2 
i - IS-IS, su - 1S-1S summary, LI - 1S-1S lcvcl-1, L2 - IS-1S lcvcl-2 
ia - IS- IS inter area. * - candidate default, U - per- user static route 
o - ODR. P -periodic downloaded static route 

C3 ate way of last resort is not set 

1.0.0.0/24 issubnetted, 1 subnets 
O 1 A 1 . 1 . 1 . [ 1 1 ' 1 1 1 78] via 1 0. 1 .45.4, 00:00:07, FastEthcrnctO/0 

2.0.0.0/24 is sub net ted, I subnets 
O 1 A 2.2.2.0 [110, 1 1 1 14] via 10.1 .45.4, 00:00:07, FastEthcrnctO/0 

3.0.0.0/24 issubnetted, 1 subnets 
O IA 3 . 3. 3. [ 1 1 1 1 1 1 3 J via 1 . 1 . 45 . 4 , 00 : 00 : 7 , FastE thcrnctO/0 

4.0.0.0 24 issubnetted, 1 subnets 
() [A 4.4.4.0 [110 2; via 10.1.45.4,00:00:47, FastEthcrnctO 
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1A 200. 1.34.0/24 [110/1 1112] via 10.1.45.4, 003(30:47, FastEthcrnctO/0 

20.0.0.0/24 is subnet ted 1 subnets 
1A 2022.0 [110 111 14] via 10.1.45.4, 00:00:08, FastEthcrnctQ'O 

5.0.0.0/24 is subnetted, 1 subnets 
C 5.5.5.0 is directly connected. LoopbackO 

40. 0.0. 0/24 is subnetted 1 subnets 
O 40.4.4.0 [110/2] via 10.1.45.4, 00:00:49, FastEthcrnctO 

10.0.0.0/24 is subnetted, 1 subnets 
QlA 10.1.1.0 [110/11 178] via 10.1.45.4,00:00:09, FastEthcrnctO'O 

10.1.0.Q'24 is subnetted 4 subnets 
O 1A 10.1.12.0 [110 1 1 177] via 10. 1.45.4, 00:00:09, FastEthcrnctO/0 
OIA 10.123.0 [110/1 11 13] via 10.1.45.4,00:00:09, FastEthcrnctO'O 
IA 10.1.34.0 [110/65] via 10.1.45.4, 00:00:49, FastEthcrnctO, 
C 1 0. 1 .45.0 is d irCctly connected, FastEthcrnctO/0 

30.0.0.0/24 is subnetted I subnets 
O 1 A 30.3.3.0 [1 10/66] via 10.1.45.4, 00:00:49, FastE thcrnctO/0 

Note all the routes are advertised. The IP address of the tunnel interface MUST be 
advertised in area or else the tunnel will not work. 






Task 4 

Remove the configuration from the previous task and replace it with virtual- link. 






On R4 

R4 (con fig- if)#ro titer ospf 1 

R4(config-routcr)#\0 nerw 2(1(1.1.34.4 0.0.0.0 are 

R4(config)#\Ointtul 

R4 (c o n fig)#ro uter o sp f 1 

R4 (c o n fig-ro u ter)#arca 2 vi rtua 1- li nk 3.3.3.3 

On R3 

R 3 (con fig-ro Liter ospf 1 

R3(config.routcr)#\0 netw 2(1(1.1.34.3 (1.0.0.0 are 

R3(config)#\Ointtul 
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R3(config)#routcrospt'' 1 
R3(config-routcr)#arca 2 virtual- link 4.4.4.4 






I ask 5 

Configure a simple clear text authentication tor the virtual-link that connects area 3 to 
area 0. Use "Cisco 1 ' as the password 






On m 

Rl (config)#ro utcr ospf 1 

RI(config-routcr)#arca 1 virtual-link 2J2.2.2 authentication 

Rl (config-routcr)#arca 1 \irtual-link 2.2.2.2 authentication -key Cisco 

On R2 

R2(config)#routcrospf 1 

R2(config-routcr)#arca 1 virtual-link 1.1.1.1 authentication 

R2(config-routcr)r i arca 1 virtual-link 1.1.1.1 authentication -key Cisco 






Task 6 

Configure \iD5 authentication lor the virtual-link that connects area 4 to area 0. use 
"eisco" as the password. 






On R4 

R4 ( jc o n fig )# ro ut cr o sp f 1 

R4(config-routcr)#arca 2 virtual-link 3.3.3.3 authentication message-digest 

R4(config-routcr)#arca 2 virtual-link 3.3.3.3 message-digest -key 1 md.5 eisco 

On R3 

R 3 (c o n fig )#ro u t cr o sp f 1 

R3(config-routcr)r i arca 2 virtual- link 4.4.4.4 authentication message-digest 

R3(config-rautcr)T*arca 2 virtual-link 4.4.4.4 mcssagc-digcst4<;cy 1 md5 cisco 
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Task 7 

Change the password frcnn "Cisco" to "CCIE" for the virtual-link that connects area 4 to 
area 0, without interrupting the link. 



On R4 












R4 (con fig )#ro Liter ospf 1 












R4(config-routcr)r*arca 2 virtual-link 3.3.3.3 


message- 


d igest-key 2 


mdSCClE 


On K3 












R3(config)#ro Liter ospf 1 












R 3 ( c o n fig-ro u t cr ) #ar ca 2 


virtual- link 4.4.4.4 


message- 


digest -key 2 


md5 


CCIE 



TaskS 

Erase the startup con fig and reload the routers before proceeding to the next lab. 
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Lab 7 
OSPF Stub, Totally Stubby, and NSSA Areas 



Area 1 




Lab Setup: 

> R4 and R5's FQ/Q interface should be configured in VLAN 45. 

> R2 and R3's FO/0 interface should be configured in VLAN 23. 

> The frame-relay connection between RI. R2 and R3. R4 should be configured in a 
point-to-point manner. 

> Use the IP addressing chart below to assign IP addresses to the routers. 
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IP Addressing: 



Router 


Interface 


IP address 


Ri 


LoO 
SO 0.12 


1.1.1.1 24 
10.1.12.1 24 


R2 


LoO 
Lol 
FO/0 
SO/0.21 


m? : v ? , 4 

22.2.2.2 -24 

10.1.23.2/24 

10.1.12.2/24 


R3 


LoO 
FO/0 

SO 0.34 


J ft j j J ' — r 

10.1.23.3 24 
10.1.34.3 24 


R4 


LoO 
Lol 
FO/0 
SO/0.43 


4.4.4.4 ,24 
44.4.4.4 tl4 
10.1.45.4/24 
10.1.34.4 24 


R5 


LoO 
FO/0 


§ S s § ^4 

10.1.45.5, 24 



I ask I 

Configure OSPF as follows: 
>• Configure Rl's LoopbackO and Frame- relay interlace in area 1 

> Configure R2's LoopbackO and Frame-relay interface in area 1 and R2 : s 
Loopback! and FO/0 interface should be configured in arcaO. 

£■ Configure R3's LoopbackO. F0/0, and Frame- relay interface in OSPF area 0. 

> Configure R4's LoopbackO, and Frame- relay interface in area 0, and it's 
Loopback 1 and FO/0 in OSPF area 2. 

'<r Configure R5 ! s LoopbackO and F0/0 interface in OSPF area 2. 

^ The loopback interfaces must be advertised with their correct mask. 



On kl 

Rl(config)#routcrospl* I 
Rlfconfig-routcr^nctw 1. 1. I.I 0.0.0.0 are 1 
Rl(cpnfig-routcr)*nct\v 10. 1.12.1 0.0.0.0 arc 
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Rlfconfig^lntcrfacc Lot) 

Rl (config-if)f*]p ospf network point-to-point 

On R2 

R2(config-if)#roLitcr ospt" 1 
R2(conf]g-routcr)#nctw 2X12 0.0.0.0 area 1 
R2i;config-routcr)#nctw 22.2.2.2 0.0.0.0 arc 
R2i;config-routcr)#nctw 10.1.12.2 0.0.0.0 arc 1 
R2i;config-routcr)#nctw 1 0. 1.23.2 0.0.0.0 arc 

R2(config)#Interiace LoO 

R2(config-if)#]p ospf network point-to-point 

R2(config')#]ntcrface Lol 

R2(config-if)#]p ospf network point-to-point 

On R3 

R3('config-if)rfrt)Litcr ospf 1 
R3(config-routcr)#nctw 3.3.3.3 0.0.0.0 are 
R3(config-routcr)#nctw 10.1.23.3 0.0.0.0 arc 
R3i;config-router)^nctw 1 0. 1.34.3 0.0.0.0 arc 

R3i;config)#Interiacc LoO 

R3(config-if)#]p ospf network point-to-point 

On K4 

R4 (con fig- ifWro utcr ospf 1 
R4 (c o n fig-ro u tcr)#nctw 4 . 4. 4 .4 . 0. 0. arc 
R4(eonfig-routcr)#nctw 10. 1.34.4 0.0.0.0 arc 
R4(config-roLitcr)fi ! nctw 44.4.4.4 0.0.0.0 arc 2 
R4i;config-routcr)#nctw 10.1.45.4 0.0.0.0 arc 2 

R4(eonfig)#]ntcriaec LoO 

R4ieonfig-if)#]p ospf network point-to-point 

R4(config)#]ntcrfacc Lol 

R4(config-if)f*]p ospf network point-to-point 

On R5 

R5(config-if)#routcr ospf 1 
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Rficonfig-routcr^nctw 5.5.5.5 0.0.0.0 arc 2 
R5(config-routcr)r#nctw 1 0. 1.45.5 0.0.0.0 arc 2 

R5(config)#]ntcrikcc LoO 

R5(config-if)f*]p ospf network point-to-point 



I ask 2 



Configure area 1 such that it docs not receive LSA types 4 and 5. 



On kl 

R! (config)#ro Liter ospf I 
R](config-roLitcr)r*arca 1 stub 

On K2 

R2 (c o n fig )#ro Liter ospf 1 
R2(config-routcr)#arca I stub 

Important points to understand about a STUB area: 

> A STUB area can nut be a transit area for Virtual link but a GRE tunnel can 
be used instead. 

'* A STUB area can not have an ASBR. 

> The back bone area can not be configured as a STUB area. 

> Every router and the ABR of that area should have " area \x stub" 
command. 

> No LSA type 5 (El, or E2) is allowed in a STUB area, but the routers, in the 
STUB area can connect to the External mutes via the default mute that is 
injected in the area by the ABR. 

> By default, the cost of the default mute is 1: this can be verified by "Show ip 
ospf ", and Show ip route. The cost of the default route can be changed by 

" area \\ dul'auU-cost cc ". nhere w in (he filffta number, and ee is (he desired 
cost 
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Task 3 

Area 2 should not receive LSA types 3, 4 and 5. 






On R5 

R 5 (c o n figure u t cr o sp f 1 
R5(confag-routcr)#arca 2 stub 

The above command must be configured on all the routers within this area. 

On R4 

R4 ( c o n figure u t cr o sp f 1 
R4(config-router)#arca 2 stub no-summary 

The above command must only be configured on the A BR of this area. 

Note you can reduce the routing table further by configuring an area as totally 
stubby. Since all the I A and E (Inter-area and External) routes are reached t lire ugh 
the A BR and the ABR has injected a dei'ault route into the area, there is not reason 
to maintain the IA routes and they should be filtered. 






Task 4 

Crcatc'con figure the following loopback interfaces on Rl and redistribute them into 

OSPF routing domain: 

Lol = II. 1.0.1 /24, Lo2= 11.1.1.1 ..24, Lo3=l 1.1.2. 1/24 and Lo4 = 1 1.1.3.1/24 

After the redistribution, area 1 should only receive and propagate LSA types 1, 2, 3 and 
7. This area should not have the ability to connect to any external routes redistributed else 
where within this routing domain. 






On Rl 

Rl(config)#routcrospf 1 

Rl iconfig-routcr)#M) area 1 stub 

Rl (con tig-rout cr)#arca 1 nssa 

On R2 




cc 
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R2(config)#routcrospf' 1 




R2(eonfig-routcr)r*M) area 1 stub 




R2(config-routcr)r 1 arca I nssa 




On kl 




Rl(config-if)#int lol 




Rl fconfig-it>ip addr 11 . 1 .0. 1 255.255255.0 




Rl(confIg-if>int lo2 




Rl (config-if)#ip addr I l.I.I J 255.255.255.0 




R 1 (config-if)#int lo3 




Rl (config-if)#ip addr 11.1 .2.1 255255.255.0 




Rl(config-if)#int lo4 




Rl(config-ii>ip addr 1 1. 1.3.1 255255255.0 




Rl(config)#access-list 1 permit 1 1.1.0.0 0.0.3255 




Rl (configure) Lite- map TEST permit 




R 1 (c o n flg-r o Lite- map )# match ip addr 1 




Rl (configure) Liter ospf 1 




Rlfconfig-routcr)# red is tribute connected route- map TEST sLibncts 




Note when configuring an area as an NSSA area, by default the 0/0 mute will not be 


injected by the A BR of that area. 





Task 5 



Crcatc'configurc the following loopback interfaces on R5 and redistribute them into 

OSPF routing domain: 

Lol = 55.1.0.5/24, Lo2= 55.1. 1.5 24. Lo3=55. 1.2.5/24 and Lo4 = 55.1.3.5 /24 



After the redistribution, the routers in this area should only maintain and propagate LSA 
types 1 , 2, 3, 7 and a default route. 



On K5 

R5(config)#int lol 

R5i;config-if>ip addr 55. 1 .0.5 255255255.0 

R5i;conf1g-if>int lo2 
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R5(config-ii>ip addr 55. 1 .1 .5 255.255.255.0 

R5(config-ii>int lo3 

R5(config-if)#ip addr 55.1.2.5 255.255.255.0 

R5(config-if)#int lo4 

R5(config-ii>ip addr 55.1.3.5 255.255.255.0 

R5(config)#acccss-list 1 permit 55.1.0.0 0.0.3.255 

R5(config-if)#routc-map TEST permit 10 
R5(config-routL>map)fi ! miitch ip addr 1 

R 5 1 c o n tig )H ro liter o sp 1' I 

R5(config-routcr)rmo area 2 stub 

R5(conf]g-routcr)r?arca 2 nssa 

R5(config-routcr)rrrcdistributc connected subnets route-map TEST 

On K4 

R4(config)r*ro Liter ospf 1 

R4(config-router)#\0 area 2 stub no-summary,.. 

R4 (con fig-ro Liter)?* area 2 nssa default- in formation -origin ate 

Note when the "area stub no- sum ma. it" command is configured and must he 
removed, the "no area 2 stub no-summary" command will only remove the '"no- 
summary" part of the command. You must remember to enter the "no area 2 Stub" 
command again to remove the entire command. 

R4 ( c o n fig-re u t cr J# N( ) a r e 2 st ub^, 

R4(config-routcr)#area 2 nssa default-information-originate 

Note the default-information-originate command at the end of area 2 nssa will inject 
a default route into the area. 



Task 6 

Area I should be changed such that it receives and propagates LSA types 1, 2, 7 plus a 
default route. This area should NOT maintain Inter-area mutes, but must have the ability 
to connect to these routes. 
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On R2 

R2(config)#routcrospf 1 
R2(config-routcr)r*area 1 nssa no-summary 

The- "no-summary" keyword filters the summary LSAs which are the LSA type 3s. 






Task 7 

The defauit route that was injected into area 1 should have a cost of 50. 






On R2 

R2i;conf]g)i*routcrospf I 
R2(config-routcrV#arca 1 default-cost 50 

By default, the cost of the default route injected into a given area is 1: this can he 

verified bv "Slum ip route'" command, re member v>hen looking at the output of the 

"Show ip route'" command, the cost of the default route should he 65, this is the cost 

of the link to the ABR (The frame-relay link) plus 1 (The default cost of the default 

route). 

The default cost of the injected default route can he changed using the "Area xx 

default-cost cc'", where cc is the new cost replacing the default value. 

Note the new cost of the default route after configuring this task should be 114 (64 - 

50). 




TaskS 

Erase the startup con fig and reload the routers before proceeding to the next lab 
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Lab 8 -OSPF Filtering 



Area 1 




l.al> Set up: 

• Con figure al 1 frame- relay 00 nncc t k) ns i n a po in t-to -po i nt man ncr. 

• Configure the serial interface connecting Rl to R3 as HDLC. 

• Use the IP addressing scheme below for IP addressing assignment. 
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IP Addressing scheme: 



Routers 


Interface . IP Address 


Connecting to: 


Rl 


SO/0.12-10.1.12.1 .'24 
SO/1 -10.1.13.1 .'24 


R2 
R3 


R2 


SO/0.21- 10.1.12.2/24 
SO/0.23- 10.1.23.2/24 


Rl 

R3 


R3 


SO/0.32- 10.1.23.3/24 
SO/0.34-10.1.34.3/24 

SO/1 -10.1.13.3 ,'24 


R2 
R4 
Rl 


R4 


SO/0.43-10.134.4 '24 
SO/0.45-10.1.45.4 '24 


R3 


R5 


SO/0.54- 10.1.45.5 /24 


R4 



Task I 



Configure RTs Frame-relay interlace to R2, Rl 's HDLC connection to R3. R2 ! s Frame- 
relay connection to Rl and R3. R3 ! s Frame-relay connection to R2 and R3 1 sHDLC 
connection to Rl in Area I. Configure the bandwidth of SO/1 interlace on Rl and R3 to 
I2SK using the "bandwidth" command. 



On Rl 






Rl(config)#IntSO/l 
Rlfconfig-itVBandwidth 128 






R 1 (c o n fig)#ro titer o sp 1* 1 

Rl i;config.routcr)#nctw 10.1.12.1 0.0.0.0 

Rli;config-routcr)#nctw 10.1.13.1 0.0.0.0 


area 1 
area 1 


On R2 






R2(config)#routcr ospf I 
R2(config-routcr)#nct\v 1 0. 1. 12 
R2 (c o n fig-ro u tcr)#nct w 10.1. 23 


2 0.0.0.0 
2 0.0.0.0 


area 1 
area 1 


On R3 






R3(CCnifigJ#Inl SO/1 

R3(config-if)#Band\\idth 1 28 






R3(conf]g .^router ospf I 
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R3(ocmfig-routcr)#netw 1 0.1. 13.3 0.0.0.0 area 1 
R3(config-routcr)#nctw 10.1.23.3 0.0.0.0 area 1 

To verify the configuration: 

On RI 

R L#Sliow ip route ospf 

10.0.0. 0/24 i s gu bn et ted 3 sub nets 
C ) ! 0. 1 . 2 3. [ 1 1 0/ 1 2 8 J v ia 1 .1.12 .2 , 00: 00 :44 , ScrialO/0 . 1 2 






Task 2 

Configure R3's frame-relay connection to R4 and R4 ! s Frame-relay connection to R3 in 
Area 0. 






On R3 

R 3 (configure Liter ospf 1 
R3(config-routcr)#nct\v 10.1.34.3 0.0.0.0 area 

On R4 

R4 (con figure Liter ospf 1 
R4(config-router)#nctw 10. 1.34.4 0.0.0.0 area 

I o verify the configuration: 

On R4 

R4#Show ip route ospf 

10.0.0. 0'24 is subnet ted, 5 subnets 
1 A 1 0. 1 . 1 3.0 [1 1 0/845] via 10.1 .34.3, 00:00:35, SerialO'0.43 
1A 10.1.12.0 [110/192] via 10.1.34.3,00:00:35, ScrialO/0.43 
IA 10.L23.0 [110/128] via 10.1.34.3, 00:00:35, ScrialO/0.43 




cc 
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Task 3 

Configure R4's Frame- re lay connection to R5 and R5 ! s Frame-relay connection to R4 in 
Area 2. 






On R4 

R4 fc o n figure liter o sp f 1 
R4(config-router)#nctw 10.1.45.4 0.0.0.0 area 2 

On R5 

R 5 (c o n fig )# router sp f 1 
R5i;config-routcr)#nct\v 10.1.45.5 0.0.0.0 area 2 

To verify the configuration: 




On R5 

R5#S1icfw ip route ospf* 

10.0.0.0/24 issubnetted, 5 subnets 
OIA 10.1.1 3.0 LI 1 0. 909] via 10.1.45.4, 00:00:37, ScrialO/0.54 
[A 10.1.12.0 |110/256] via 10.1.45.4,00:00:37, ScrialO/0.54 
1A 10.123.0 [110/192] via 10.1.45.4,00:00:37, ScrialO/0.54 
OIA 1 0.1.34.0 [110/128] via 10.1. 45.4, {1:1:00:37, ScrialO/0.54 




Task 4 

Create the following loopback interlaces on Rl and advertise them in Area 1. 
LoopbackO- 1.1.1.1 24 
Loopback I - 1 1.1.1.1 !2A 

Loopback 2- 100.1.1.1 .24 
Loopback 3 - 1 1 1 . 1 . 1 . 1 24 






On RI 

Rl(config)#int loO 

Rli;config-if)#ipaddr 1.1.1.1 255.255.255.0 




cc 


IE R&* bj NflrWk KocharLans Advanced CCIE R&S Work Book 2.0 Page S2Sofli 

C2Q09 Narbik Kucha riaiu. All riflhU rnerved 


168 



Rl(config-il>int lol 

Rl .(config-ii>ip addr 1 1 . 1 . 1 . 1 255.255.255.0 

Rl(config-if)#int lo2 

Rl(config-if)#ipaddr 100. 1. I.I 255255.255.0 

Rl(config-if)*intlo3 

Rl(config-if)#ip addr I I 1. 1. 1.1 255255.255.0 

Rl(eonfig)#routcrospi' I 
Rl (eonfig-routcr^nctw 1.1.1.1 0.0.0.0 area 1 
Rl(config-routcr)#nctw I 1 . 1. 1. 1 0.0.0.0 area I 
Rl(config-routcr)#nctw 100. I.I.I 0.0.0.0 area 1 
Rl(confign:outcr)#nctw I I I.I.I. I 0.0.0.0 arc 1 

To tfst thi' confijjuration: 

On R5 

R5#Show ip route ospf inc 1A 

O I A l.l.l.L 1110/2571 via 10.1.45.4, 00:02:52, SerialO/0.54 

O I A 100.1.1.1 1 110/2571 via 10.1.45.4, 00:02:31, 5erial0/0.54 

OIA 111.1.1.1 |110/2571 via 10.1.45.4, 00:02:31, SerialO/0.54 

1A 10.1.13.0 [110/909] via 10.1.45.4, 00:09:36, ScrialO'0.54 

IA 10.1.12.0 [110/256] via 10.1.45.4, 00:09:36, ScrialO'0.54 

IA 10.1.23.0 [110/192] via 10.1.45.4,00:09:36, ScrialO/0.54 

O IA 10.1.34.0 [110/128] via 10.1.45.4, 00:09:36, ScrialO'0.54 

() I A 1 1.1.1.1 1 1 10/2571 via 10.1.45.4, 00:02:42, SerialO/0.54 



Task 5 

Configure the router-id of the routers based on the following: 

Rl - 1. 1. I.I 
R2 - 2.2.22 
R3- 3.3.3.3 
R4 - 4.4.4.4 

R5- 5.5.5.5 



On Rl 
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Rl(config)#routcrospf I 

Rl (config-routcr^routcT-id I . I . I . I 

R I "Ccar ip ospfproc 

Reset ALL OSPF processes? [no J: Y 

On R2 

R2(config)#routcrospf I 
R2iconfig-routcr)#routcr-id 2J2.2.2 

R2#Clcar ip ospfproc 

Reset ALL OSPF processes? [no J: Y 

On K3 

R3(config)#routcrospf I 

R3 f c o n fig-ro u t cr )# ro ut cr- id 3.3.3.3 

R3# Clear ip ospfproc 

Reset ALL OSPF processes? [no J: Y 

On K4 

R4(config)#routcrospf 1 

R4 (c o n fig-ro u ter)# ro ut cr- id 4 .4 . 4 .4 

R4rrCicar ip ospfproc 

Reset ALL OSPF processes? [no J: Y 

On K5 

R5(config)-ro Liter ospf I 

R5( con fig -router)?* router- id 5.5.5.5 

R5r*Ocar ip ospfproc 

Reset ALL OSPF processes? [noj: Y 



Task 6 

Configure R2 to filter network 1.1.1.0 .'24 from its routing table. 
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On R2 

R2*Show ip route 1 .1.1 .0 255.255.255.0 
% Subnet not in tabic 

>o(u (his network is not in (lit. 1 routing table of R2, because the loopback 
interfaces ultl'NOT ad\ ertised with their correct mask. To il\ this problem, 
we should advertise all the loop back interfaces from the previous task with 
their correct mask. Sometimes this can be a problem where an unbelievable 
amount of time is spent looking for a prefix that does not exist. 

On Rl 



Rlfcc.nfig)#int Io0 

Rl (config-if)#ip ospf network point-to-point 

Rl(config-it>int lol 

R I ( c o n fig- if )#i p ospf n ct wo r k po in t-to - po i nt 

Rl(config-ii>int lo2 

Rl (config-if)#ip ospf network point-to-point 

Rl(config-it>int lo3 

Rl (config-if)#ip ospf network point-to-point 

On R2 

R2*Show ip route 1. 1.1.0 255.255.255. 

Routing entry for 1.1.1. 0/24 
Known via "ospf 1 '", distance 1 10, metric 65. type intra area 
Last update from 10.1.12.1 on Scrial0/0.21, 00*:02:15 ago 
Routing Descriptor Blocks: 

* 1 0. 1 . 1 2. 1 , from 1 . 1 . 1 . 1 , 00:02: 1 5 ago, via ScrialO/0.2 1 
Route metric is 65. traffic share count is 1 

The following solution only affects the router that it's configured on, unless the 
filtering is done on the A BR from area (I into other areas, in which case it will 
effect all routers down stream to that Area (I. 

On R2 

R2(config)#Acccss-list I deny 1.1.1.0 0.0.0.255 
R2(config)#Acc ess -list 1 permit any 

R2(config)^roLitcr ospf 1 
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R2 (con fig-router)?* distribute- list 1 in 
To verify the configuration: 

On R2 

R2#Show ip route ospt' 

100.0.0.0/24 is subncttccL I subnets 
100.1.1.0 [110/65] via 10.1.12.1, 00:00:30, Serial0/0.21 

111.0.0.0/24 is subnetted, 1 subnets 
I I 1. 1. 1.0 [110/65] via 10.1.12.1, 00:00:30, Scrial0/021 

1 0.0.0. Q'24 is subnet ted. 5 subnets 

10.1.13.0 [110/845] via 10.1.23.3, 00:00:30, SerialQ/0.23 

[1 lQ'845j via 10.1.12.1, 00:00:30, ScrialO/0.21 

LA 10.1.45.0 [110/192] via 10.1.23.3, 00:00:30, SerialQ/0.23 

1A 1 0.1. 34.0 [110/128] via 10.1.23.3, 00:00:30, SerklO/0.23 

I 1.0.0.0/24 is subnet ted, I subnets 
11.1.1.0 [110/65] via 10. 1 .12.1, 00:00:30, Scrial0/021 

Note the "distribute-list in" sub-router configuration mode command can be 
used when filtering anv type of LSA on a given router ONLY, this command 
0\LV filters the prefix from the local routers routing table and NOT the 
database. The output of the following "Shaw* 1 command reveals that 113 is 
learning network 1.1.1.(1/24 through R2, even though this prefix is NOT in 
R2*s routing table. 

On R3 

R3#Show ip route ospf" 

1.0.0.0/24 is sub netted, 1 subnets 
O 1.1.1.0 1110/1291 via 1(1.1.23.2, 1)0:03: 11, SerialO/0.32 

100. 0.0. 0/24 is sub net ted, I subnets 
O 100.1.1.0 [110/129] via 10.1232, 00:03:1 1, ScrialO 0.32 

111.0.0.0/24 is subncttctL 1 subnets 
1 1 L 1. 1.0 [ 11 129] via 10. 1 .23.2, 00:03: 1 1 , ScrialO/0.32 

10.0.0.0 24 issubnetted, 5 subnets 
O i 0. 1 . 1 2.0 [110/128] via 10. 1 232, 00:03: 1 1 , ScrialO/0.32 
O [A 10.1.45.0 [110/128] via 10.1.34.4, 00:03:1 1, SerialO/0.34 

1 1. 0.0. 0/24 issubnetted, I subnets 
O 1 1.1,1.0 [1 10: 129 J via 10. 1 .23.2, 00:03: 1 1 , ScrialO/0.32 

Note R3 sees network 1.1.1.0/24 through R2: this is because the bandwidth of 
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(he SO/1 interface connecting 113 to Rl is 128Kbps. 

Therefore, prefix 1.1.1.0 ,'24 is ONLY filtered from the routing table of R2 and 
NOT the database. The output of the following command reveals that this 
prefix is still in the database of R2: 

On R2 

RZsShow ip ospf database router I.I. 1.1 I irtc Network subnet 

(Link ID) Network subnet number: 11 1.1.1 . 
(Link ID) Network subnet number: 100. 1. 1 .0 
( Li nk I D) N ct wo rk s Lib ne t n u mbcr : 1 1 . 1 . 1 .0 
(Link ID) Network 1 ' sub net number: 1.1.1.0 
( Li nk I D) N ct wo rk' s ub nc t n u mbcr: 10.1.13 .0 
( Li nk I D) N ct wo rk s ub nc t n u mbcr: 1 . 1 . 1 2 .0 

Note configuring a "distribute-list out'* on Rl will NOT work at all, no other 
OSPF filtering solution will work except the one used in this task. 



Task? 

Configure filtering on the appropriate routcr/s such that the existing and future routers in 
area 2 do NOT receive network I 1 .1 .1.0 .'24 in their routing table or their database. 



The following method ONLY works for filtering LSA type 3s, and LSA type 3s 
ONLY. The first step is to configure a pre fix -list to deny the route: 

On K4 

R4(config)#ip prefix-list TST scq 5 deny LI. 1. 1 .0/24 
R4(con%)#ip prefix-list TST seq 10 permit 0.0.0.0/0 LE 32 

Once the prefix-list is configured, it can be applied to the area that it must be 
filtered from, in this case area 2. This command must be configured on an ABR. In 
the following configuration, the prefix-list filter's network 11.1.1.0 /24 from getting 
IN area 2. 

R4(config')#ro Liter ospf I 

R4(config-routcr)f*area 2 filter-list prefix TST in 
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To vt'iifv the. 1 configuration: 

On R5 

R5#sh ip route ospf I inc 1A 

IA 1.1. 1.0 [110 257: via 10. 1 .45.4, 00:32:51, ScrialQ/0.54 

O IA 100.1.1.0 [110 '257] via 10.1.45.4, 00:32:51, ScrialQ'0.54 

OIA I I 1. 1.1.0 [110 257] via 10.1.45.4, 00:32:51, ScrialO/0.54 

1 A 1 0.1 .1 3.0 [1 1 909] via 10.1.45.4, 00:44:42, ScrialM).54 

IA 10.1.12.0 [110/256] via 10.1.45.4,00:33:01, ScrialO'0.54 

IA 10.1.23.0 [110/192] via 10.1.45.4, 00:44:42, Scrial00.54 

IA 10.1.34.0 [110/128] via 10.1.45.4,00:44:42, ScrialO/0.54 

Note the above "Show*" command reveals that R5 does NOT have the route in it's 
routing tabic, and the following command verities that R5 docs Not have the prefix 
in it's database. 

R5#Show ip ospf database summary 1 1 . 1 . 1 .0 

OSPF Router with ID (5.5.5.5) (Process ID 1) 

On R4 

R4#Show ip route ospf I inc O 1 A 

O IA 1. 1.1.0 [110/193] via 10.1.34.3, 00: 13:32, ScrialO/0.43 

IA 100.1.1.0 [110/193] via 10.1.34.3,00:13:32, ScrialQ.''0.43 

OIA 1 1 1.1.1.0 [1 10/1 93] via 10.1.34.3, 00:13:32, ScrialQ'0.43 

O IA 10.1.13.0 [110/845] via 10.1.34.3,00:13:32, ScrialO/0.43 

IA 10.1.12.0 [110/192] via 10.1.34.3,00:13:32, ScriaUTO.43 

O IA 10.1.23.0 [110/128] via 10.1.34.3,00:13:32, ScrialQ.0.43 

OIA 11.1.1.0 1 111M931 via 10.1343, 00:13:32, Seria 10/0.43 

Note even though the output of the above "Show" command reveals that network 
11.1.1.(1 /24 is in R4"s routing table, the output of the following "Show" command 
clearly shows that it's in the database of area t) and NOT in the database that 
belongs to area 2 . 

R4*Show ip ospf database summary 11.1.1 .0 

OSPF Router with ID (4.4.4.4) (Process ID 1 ) 

Summary Net Link States (Area i)y*' 
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Routing Bit Set on this LSA 
LS age: 267 

Options: (No TOS -cap ability, DC, Upward) 
LS Type: Summary Links( Network) 
Link State ID: 1 1.1.1.0 (summary Network Number) 
Advertising Router 3.3.3.3 
LSScq Number: 80000001 
Checksum: 0x950C 
Length: 28 
Network Mask: .'24 
TOS: Metric: 129 






TaskS 

Configure the appropriate router's such that the routers in area do not see network 
1 1 . 1 . 1 .0 .'24 in their routing table or Link state database. You shou Id use the same 
solution as the one in the previous task, but it should be implemented in the OUT bound 
direction. 






The following method is used for filtering LSA type 3s, and LSA type 3s ONLY. 
Once again a prefix-list is configured to deny network 11.1.1.0 .'24 on the ABR,but 
in the following case the "urea filter-list'* command is filtering network 11.1.1.0 '24 

as it's advertised OUT of area 1. 

On R3 

R3(config)#ip prefix-list 1ST scq 5 deny 11.1.1. 0/24 
R3(config)#ip prefix-list TST scq 10 permit 0.0.0.0/0 LE 32 

R3f configure Liter ospf 1 

R3( con fig-router)?* area 1 filter-list prefix TST out 

To verily the configuration: 

Note the output of the following commands show that prefix 11.1.1.0/24 is no longer 
in the routing table of R4 or R5. 

On R4 

R4*Show in route 1 1.1.1.0 "»55."» 55. "*55.0 
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% Network not in table 

On R5 

R5*Sho\v ip route 1 1.1. 1.0 255.255.255.0 
% Netwtirk not in table 

Note the prefix is still in the routing table of 113, where the filtering is performed, 
but the prefix is in the muting table of this router as a route from area 1 (LSA type 
1) and NOT a prefix from area (From area 0's perspective this prefix is LSA type 
3). 

On R3 

R3#Shaw ip route ospf 

1.0.0.0.24 is subnetted, 1 subnets 
1. 1 . i .0 L 1 1 0/129 J via 10.1.23.2, 00:04:00, ScrialO/0.32 

100.0.0.0/24 is SLibncttcd I subnets 
1 00. 1. 1.0 [110/129] via 10. 1.23.2, 00:04:00, ScrialO/0.32 

11 1.0.0.0/24 is subricttcd, 1 subnets 
O I I 1. 1. 1.0 [110/129] via 10.1232, 00:04:00, ScrialO 0.32 

10.0.0.0/24 is subnetted, 5 subnets 
10. 1.12.0 [110/128] via 10. 1.23.2, 00:04:00, ScrialO/0.32 
O IA 10.1.45.0 [110/128] via 10.1.34.4, 00:04:00, SerialO'0.34 

1 1.0.0.0/24 is subnetted, 1 subnets 

1.0 |110/1291 via 10.1.23.2, 00:04:00, SerialO/0.32 




Note this is an intra-area route. 
To Drmt! this further: 

On R3 

R3#Sh ip ospf database summary' 11.1.1.0 

OSPF Router with ID (3.3.3.3) (Process ID 1.) 

Note the output of the above "Slum"" command reveals that network 11.1.1.0/24 is 
NOT in area 0, because if it was in area 0, it would have been in the Link State 
database of this router as a summary LSA or LSA type 3, whereas, the following 
"Show'" command reveals that the prefix is in area 1 as a router LSA or LSA type 1, 

lU-Shuv. :p ospl' database router :nc Area 1 11.1.1 .0 
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( Li nk 1 D) N ct wo rk s ub nc t n u mbcr: 1 1.1. 1 .0 



Task 9 

Configure the appropriate router's such that the routers in area or area 2 do not see 
network II 1 . 1 .1 .0 .-'24. L'sc the minimum number of commands to accomplish this task. 



Note the output of the following "Show'* command verifies that network 111.1.1.0 
724 is in the database of R3 that belongs to Area 1, and it shows up as a router LSA 
or LSA type 1: 

On K3 

R3*Show ip ospf database router ! inc Area 1 1 1 1 . 1 .1 .0 

(Link ID) Network subnet number: 11 1 .1.1.0 

The output of the following "Shoxv'" command reveals that prefix 111.1.1.0/24 is in 
the database of R3 as a summary LSA or LSA type 3: 

R3#Show ip ospf database summary 1 1 1.1.1.0 

OSPF Router with ID (3.3.13) (Process ID 1) 

Summary Net Link States (Area 0) 

LS age: 294 

Options: (No TOS -cap ability. DC, Upward) 
LS Type: Summary Linksf Network) 
Link State ID: II 1,1, 1 .0 (summary Network Number) 
Advertising Router 3.3.3.3 
LS Scq Number: 8000000A 
Checksum: 0x6CC8 
Length: 28 
Network Mask: .24 
TOS: Metric: 129 

The following command reveals that prefix 11 1.1.1.0 "24 is in the routing table of R3 

as an intra- are a route. 

Remember that intra-area mutes take precedence over inter-area routes: 

The re fore, this prefix shows up as an "()" route in the rout hit! table. 
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R3*Show ip route ospf 1 inc 111.1.1.0 

() 11 1.1.1.0 [1 10/129] via 10. 1.232, 00:47:2 l s Serial 0/0. 32 

The following OSPF filtering mechanism w#rks ONLY cm LSA type Is. It filters 
LSA type ls from being injected into a given area, this command ONLY' mirks if 
it's configured on an ABR and it is used for filtering LSA type 1 and LSA type ls 
ONLY. 

On Rj 

R3 (configure Liter ospf 1 

R3(config-routcr)#area 1 range 111.1.1.0 255.255.255.0 not- advertise 

Note the prefix is still in the routing table of R3 where the filtering is performed, but 
once again it shows up in the routing table as LSA type 1: 

R3"Sho\v ip route ospf | inc 111.1.1.0 

O 11 1.1.1.0 [110/129] via 10.1.23.2, 00:00:34, ScrialQ/0.32 

Note the prefix is no longer in the database of R3 as LSA type 3, which means that 
the routers in area or any other area down stream to area will not have this 
prefix in their routing table or link state database. 

R3#Show ip ospf database summary 1 1 1.1. 1.0 

OSPF Router with ID (3.3.3.3) (Process ID 1) 

R 3* Show ip ospf database router inc Area 1 1 1 1 . 1 . 1 .0 

(Link ID) Network subnet number: 11 1.1.1.0 



Task 10 

Configure the appropriate router's such that none of the routers except Rl sec network 
100. 1.1.0 .24 in their routing table; DO NOT stop advertising this network to accomplish 
this task. You should NOT use the solution that was used in tasks 7. 8 or 9 to accomplish 
this task. 



On R2 
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You should always display the existing access-list's arid distribute- lists before 
configuring one. You do not want to override an existing access-list distribute- list few 
minutes before the end of your lab exam. 

R2f*Show ace ess- list 

Standard IP access list 1 

10 deny 1.1.1 .0, wildcard bits 0.0.0.255 (1 9 matches) 
20 permit any ( 144 matches) 

R2*Shrun S router ospf I 

router QSpfl 
router- id 2.2.2.2 
log-adjaecncy-changcs 
network I0.L12.2 0.0.0.0 area 1 
network 10.L212 0.0.0.0 area 1 
distiibute-list 1 in 

Note the above "Show" command verifies that there is already a distribute- list 
configured in the sub-router configuration mode, therefore, we should try to modify 
the existing access-list that is applied by the existing distribute-list. 

R2(config)#\0 access- list 1 

R2(config)#acccss-list 1 deny 1.1. LO 0.0.0.255 
R2iconfig)#acccss-list 1 deny 100.1.1.0 0.0.0.255 
R2(config)#acccss-list 1 permit any 

'l'» vL'rit'v tht 1 configuration: 

On R2 

R2i'conila-routcr)r*do show in route 100. 1. 1.0 
% Network not in tabic 

On R3 

R3f*Show ace ess- list 

R3# 

R3*Show ip route inc 1 00.1 . 1.0 
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100.1.1.0 [11 0/129 J via 10 J 23.2, 00:16:48, ScrialO'0.32 

R3(config)#acccss-list 1 deny 100.1.1.0 0.0.0.255 
R3(config)#ac cess- list 1 permit any 

R3 ( con fig )nRo utcr ospf 1 
R3(cunfig-routcr)f*distribute-list 1 in 

R3*Sho\v ip route ospf 1 inc 1 00. 1.1.0 

R33 

On K4 

R4* Show ace ess- list 

R4# 

R4#Show ip route ospf I inc 1 00. 1.1.0 

1A 100.1.1.0 [110/193] via 10.1.34.3,05:10:53, SerialO/0.43 

R4(eonfig)#access-list 1 deny 1 00.1 . 1.0 0.0.0.255 
R4 fc o n fig )#ac cess- list 1 permit any 

R4 f con fig )#ro utcr ospf* I 
R4(config-routcr)#dist rib ute- list 1 in 

R4*Show ip route ospf I inc 1 00. 1.1.0 
R4# 

On R5 

RSJsbow ip route 100. 1 .1.0 255.255.255.0 

% Network not in table 

R5"Sho\v ip ospf da summ I 00.1.1.0 

OSPF Router with ID (5.5.5.5) (Process ID 1) 
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** ** # # # ** * * * tttt # * ** * * # tttt * * * *# # # * ** * * # ## * * * ## # # * ** * * # ## **#*#### ** * * # ## * * # * 

Note using the "distribute- list in"" sub-router configuration command ONLY effects 
the router that it's configured on, and the ONLY exception is if the prefix that is 
being filtered, is coming from area 0, meaning it's being filtered from area into 
another area in which case it will filter the route from the database and as a result of 
that the routers in the non-zero area will NOT have the route in their database or 
routing table. 

Whereas, If it's being filtered from a non-zero area into area 0, it \*ill ONLY effect 
the router that it's configured on. 






Task 1 1 

Configure the following Loopback interfaces on R5 and redistribute these Loopback 
interfaces in OSPF routing domain using the default cost. 

Loopback 0- 5, 1 \ 1 124 
Loopback 1 -50.1,1 V24 
Loopbaek 2 - 55.5.5.5 flA 






On \15 

R5(config)#int loO 

R5(config-it>ip addr 5.5.5.5 255.255255.0 

R5(config-ii>int lo I 

R5(config-if)#ip addr 50.5.5.5 255.255.255.0 

R5(config-if)#int lo2 

R5(config-ii>ip addr 55.5.5.5 ?55255 255.0 

R5(config)#routc-map TST permit 10 

R5 (c o n fig-route- map )# match interface loO lol k)2 

R5fconfig)frroutcrospf 1 

R5(config-router)#redistribute connected subnets route-map TST 

To verify the configuration: 
On R4 
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R4*Show ip route ospf Inc E2 

O E2 50.5.5.0 [110/20] via 10. 1 .45.5, 00:0 1 :05, SerialO'0.45 
E2 55.5.5.0 [120/20] via 10.1.45.5, 00:01:05, ScriaKX'0.45 
C> E2 5.5.5.0 [110/20] via 10. 1 .45.5, 00:0 1 :05, ScrialO/0.45 



Task 12 

Configure the appropriate router such that none of the routers except R5 can sec network 
5.5.5.0 '24 in their routing tabic. 



On R5 

R5 fc o n fig'^ac ccs s- li st 1 deny 5 . 5. 5 . 
R5(config)f#acccss-list 1 permit any 

R5 (c o n fig )?* router o sp f 1 

R 5 KHmf:s>routcr'j- distribute- list 1 on I 

lo verify the configuration: 

On R4 

R4f*Show ip route ospf lnc E2 

O E2 50.5.5.0 [1 10/20] via 10. 1.45 J, 00:06:00, ScrialO/0.45 
E2 55.5.5.0 [110/20] via 10. 1.45.5, 00:06:00, ScrialO/0.45 

On Rl 

R 1 #sh ip route ospf 1 nc E2 

E2 50.5.5.0 [1 10/20] via 10. 1. 12.2, 00:07:08, ScrialO/0.12 
O E2 55.5.5.0 [110/20] via 10.1.122, 00:07:08, ScrialO/0.12 

Note this is the ONLY scenario where the "distribute- list OUT'' command works in 

OSPF. This command MUST he configured on the AS BR or else it \\\\\ not have any 
effect whatsoever. This command filters USA type 5s or 7s, in this case the specific 
LSA type 5 is filtered from R5"s OSPF database and as a result of that, none of the 
other OSPF routers will see the route in their routing table or database. 
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R5**Show ip ospf" database external 

OSPF Router with ID (5.5.5.5) (Process ID 1) 

Type- 5 AS External Link States 

LS age: 664 

Options: (No TOS -capability, DC) 

LS Type: AS External Link 

Link State ID: 50.5.5.0 (External Network Number) 

Advertising Router 5.5.5.5 

LS Scq Number: 80000001 

Checksum: 0x51 FE 

Length: 36 

Network Mask: .'24 

Mctrie Type: 2 (Larger than any link state path) 

TOS: a ' 

Mctrie: 20 

Forward Address: 0.0.0.0 

Externa! Route Tag: 

LS age: 664 

Options: (No TOS-capability, DC) 

LS Type: AS External Link 

Link State ID: 55.5.5.0 (External Network Number ) 

Advertising Router 5.5.5.5 

LS Scq Number: 8000000 1 

Checksum: Ox 103B 
Length: 36 
Network Mask: '24 

Metric Type: 2 (Larger than any link state path) 

TOS:0 

Mctrie: 20 

Forward Address: 0.0.0.0 

External Route Tag: 
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Task 13 

Configure the appropriate router such that none ot'thc routers except R5 can sec network 
50.5.5.0 '24 in their routing tabic or database. You should NOT use the solution that was 
implemented in the previous task. 



The following command is used to filter LSA type 5s or 7s, this command must be 
configured on an ASBR, and when configured, it filters the specified prefix from the 
OSPF Link state database of the ASBR. 

On K5 

R 5 1 c o n fig)#ro Liter o sp f I 

R5(config-routcr)# summary -address 50.5.5.0 255.255.255.0 not-advertise 

Note network 50.5.5.0 '24 is NOT in the link state database of R5. 

R5"Sh ip ospf da external Inc 50.5.5.0 

R5# 

To verify the configuration: 
On Rl 

Rl*Ship route ospf I IncEZ 

E2 55.5.5.0 [11 0/20 J via 10.1.12.2, 00:21:25, ScrialO/0.12 

On R4 

R4#Show ip route ospf Inc E2 

E2 55.5.5.0 [110/20] via 10.1.45.5, 00:23:17, ScrialO/0.45 



Task 14 

Configure the appropriate router such that router Rl does NOT have network 55.5.5X) 24 
in its routing table. 
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Note Rl has the net\*ork in it's routing table. 



On Rl 



R L#Show ip route ospf inc E2 

E2 55.5.5.0 [11 0/20 J via 1 0. 1. 1 2.2 r 00:30:59, ScrialQ/0.12 

Note there are no access-lists configured on this router: 

Rln'Sh access-list 
Rl# 

R 1 (c o n fig)#ac ccs s- li st 1 deny 5 5 .5 . 5 .0 
R 1 1 c o n fig )r* ac c cs s- li st 1 perm it a ny 

R 1 (c a n fig)#ro Liter o sp f I 
R](config-routcr)# distribute- list 1 in 



To verify the configuration: 



On Rl 

Rl"Sho\v ip route ospf inc E2 

Note the above "Show" command verifies that prefix 55.5.5.0 .'24 was filtered 
successfully. 



Task 15 

Remove all the filters applied in the previous tasks (6 — 10. 12 - 14), if this configuration 
is performed successfully, all the routers should have every mute advertised and 
redistributed in this lab. 



On Rl 

Rlfconfig^NO access-list 1 

Rl (con fig )#ro utcr ospf I 
Rl(eonfig-routcr)#NO distribute-list 1 in 
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On R2 

R2(config)#\0 access-list 1 

R2 f c o n fig )#ro utcr o sp f 1 
R2(config-routcr)r*\(> distribute- list 1 in 

On R3 

R3(config)#NO access-list 1 

R3(config)#routcrospf 1 

R3(config-routcr)#NO distribute- list 1 in 

R3(config-routcr)#NO area 1 range 1 1 1 . 1 . 1 .0 255.255.255.0 not-advertisc 

R3(config-roLitcr)rrN() area 1 filter- list prefix TST out 

R3iconfig)#NO ip prefix-list TST 

On R4 

R4(config)#\0 access- list 1 

R4 ( c o n fig)#ro ut cr o sp f I 

R4i;config-routcr)#NO area 2 filter-list prefix TST in 

R4(config-routcrY#\() distributc-list 1 in 

R4(config)#NO ip prefix-list TST 

On K5 

Rficonfig'JrrNO access-list 1 

R5(config)"routcrospt" I 

R5fconfig-routcr)r! i N(> summary- address 50.5.5.0 255.255.255.0 not-advertise 

R5(eonfig-routcr)#NO distributc-list 1 out 



Task 16 

Configure the following loopback interlaces and advertise them in OSPF routing domain 
based on the following chart: These loopback interfaces should be advertised with their 
correct mask. 
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Routers 


Interface II J address 


Area 


R2 


Loopback - V.V ^4 


1 


R3 


Loopback - 3.3.3.3 ,24 
Loopback I -30.3.3.3 24 


1 



R4 


Loopback 0-4.4.4.4 ,24 
Loopback 1 -40.4.4.4/24 






On R2 

R2(config)#int loO 

R2(config-if)#ip addr 2.22.2 255.255 255.0 

R2(config-if)#ip ospf net point-to-point 

R2(config-if)#roLitcr ospf 1 
R2(config-routcr)#nctw 2.2.22 0.0.0.0 arc 1 

To verify the configuration: 
On R\ 



Rl*Showip route ospf lnc 2.2.2.0 

2.22.0 [110/65] via 1 0.1 . 12,2, 00:01:50, ScrialQ-'0. 12 

On K3 

R3(config)#int k)0 

R3(config-if)##ip addr 3.3.3.3 255.255255.0 

R3(config-if)f#ip ospf net point-to-point 

R3i;config-if)#int to! 

R3(config-if)#ip addr 30.3.3.3 255.255.255.0 

R3(config-if)#ip ospf net point-to-point 

R3(config-if)#routcr ospf 1 
R3i;config-routcr)#nctw 3.3.3.3 0.0.0.0 area 1 
R3(confignroutcr)#nctw 30.3.3.3 0.0.0.0 area 

To verify the configuration: 

On Rl 
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Rl#Sho\v ip route ospf lnc 

E2 50.5.5.0 [110/20] via 10. 1.12.2, 00:01:32, ScrialO/0.12 
222.0 [110/65] via 10.1.12.2,00:01:42, ScrialO'0.12 
() 3.3.3.0 | il0/129| via 10.1.12.2, 00:01 :42,SerUflflL12 

E2 55.5.5.0 [110/20] via 10. 1.122, 00:01:32, ScrialO/0.12 
E2 5.5.5.0 [110/20] via 10.1.122, 00:01:32, ScrialO/0.12 
1 0. 1 .23. [ 1 1 0/ 1 2 8] via 1 0. 1 . 1 2 .2, 00:0 1 :42, ScrialO/0. 1 2 
01 A 1 0.1. 45.0 [110/256] via 10.1. 12.2, 00:0 1:42, Scrialfl'O. 12 
1A 10.1.34.0 [110/192] via 10.1.12.2,00:01:42, ScrialQO. 12 
() I A 30.3.3.0 1 1 10/1291 via 10.1.12.2, 00:01:32, SerialO/0.12 

On K4 

R4(config)#int k)0 

R4(config-if)#ip addr 4.4.4.4 255.255255.0 

R4(config-if)#ip ospf net po in t-to- point 

R4(eonfig-if)#int lol 

R4(config-il>ip addr 40.4.4.4 255 255. 255. 

R4 (c o n tig- if )#i p o sp f net po in t-to - po i nt 

R4 (con fig- ii^ro utcr ospf 1 

R4 (c o n fig-ro u t er)#nctw 4 . 4. 4 .4 . 0. 0. area 2 

R4(config-routcr)#nctw 40.4.4.4 0.0.0.0 area 

'I'o verify the configuration: 

On kl 

R I "Show ip route ospf lnc O 

E2 50.5.5.0 [110/20] via 10.1.12.2, 00201:47, Scria!0 0.12 
2.2.2.0 [110 65] via 10.1. 12.2, 00:06:42, SerialOO. 12 
3.3.3.0 [110/129] via 10.1. 12.2, 00:06:42, Scrial0/0. 12 
IA 44.4.0 1110/1931 via 10.1.12.2, 00:02:03, SerialO/0.12 
E2 55.5.5.0 [110/20] via 10.1.12.2, 00:01:48, ScrialO/0.12 
O E2 5.5.5.0 [110/20] via 10.1.122,00:01:48, ScrialO/0.12 
() IA 40.4.4.0 1 1 10/1931 via 10.1.12.2, 00:01:57, SerialO/0.12 
10. 1.23.0 [110/128] via 10. 1.12.2, 00:06:42, ScrialO/0.12 
IA 10.1.45.0 [110/256] via 10.1.12.2,00:06:42, ScrialO'0. 12 
1 A 1 0. 1 .34.0 [110/192] via 10.1 .12.2, 00:06:42, ScrialO/0. 12 
O IA 30.3.3.0 [110/129] via 10.1.122, (11:06:32, Serial (I'O. 12 
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Task 17 

Configure the appropriate router s such that the routers in area 2 do NOT sec any of the 
networks advertised by any of the routers in this topology, but routers Rl, R2 and R3 and 
R4 should sec all the networks advertised by the existing and future router's in area 2. 



By default all outgoing LSAsare flooded to the inti'ri;iiT . This command prevents 
flooding of ALL OSPF LSAs out of a L'iven interface , in this case SO/0.45. 

On K4 

R4(config)#int SO 0.45 

R4(config-subif)#ip ospf database- filter all out 

For this filtering mechanism to work, the OSPF process must be cleared. 

On K5 

R5#clc ip ospf proc 

Reset ALL OSPF processes? [no J: y 

Note R4 and R5 are still maintaining their neighbor adjacency 

R5f*sh ip ospf neighbor 

Neighbor ID Pri State Dead Time Address Interface 

4.4.4.4 FULL/ - 00:00:30 10.1.45.4 ScrialO'0.54 

Note R5 does NOT have any of the routes from the other routers, this includes R4 
which is in the same area. 

R5f*Show ip route b Gateway 

Gateway of last resort is not set 

50.0.0.0/24 is Subletted, 1 subnets 
C 50.5.5.0 is directly connected. Loopback I 

55. 0.0.0/24 is subncttcd r 1 subnets 
C 55.5.5.0 is directly connected. LoopbackZ 

5.0.0.0/24 is subletted, 1 subnets 
C 5.5.5.0 is directly connected. LoopbackO 

1 0.0.0. 0'24 i$ subletted, 1 subnets 
C 10. 1 .45.0 is directly connected, ScrialO'0. 54 
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Note Rl has all the routes including the ones advertised by R5. 

On Rl 

R l^Sh ip route ospf 

50.(1.0.(1/24 is submitted* 1 subnets 
C) E2 50.5.5.0 |110;2(»1 via 10.1.12.2, 00:15:32, Serial Art). 12 

2. 0.0.Q' 24 i$ sub netted, I subnets 
O 222.0 [110/65] via 10.1.12.2,00:28:46, ScrialO/0. 12 

3.0.0.0/24 is subnetted, I subnets 
3.3.3.0 [110 129] via 10.1. 12.2, 00:28:46, ScrialO/0. 12 

4.0.0.024 is subnetted, I subnets 
O 1 A 4.4.4.0 [110/1 93 J via 10.1.122, 00:28:45, SerialO/0.12 

55.0.0.0/24 is sub netted, 1 subnets 
O E2 55.5.5.0 1110/201 via KU. 12.2, 00: 15:32, SerialO/0.12 

5.0.0.0/24 is subnetted, 1 subnets 
O E2 5.5.5.0 1110/20] via 10.1.12.2, 00:15:32, SerialO/0.12 

40.0.0. 0'24 is subnetted, 1 subnets 
O 1A 40.4.4.0 [110/193] vk 10.1.12.2,00:28:45, ScrialO'0.12 

10.0.0.0/24 is subnetted, 5 subnets 
10. 1.23.0 [110/128] via 10.1.122, 00:28:46, ScrialO/0.1 2 
O 1A 10.1.45.0 [110256] via 10.1.12.2, 00:28:37, ScrialO/0. 12 
O 1A 10.1.34.0 [110 192] via 10.1.12.2,00:28:46, Serial 0/0. 12 

30.0.0.0/24 is subneued, I subnets 
O 1A 30.3.3.0 [110/129] via 10.1.122,00:28:46, ScrialQ'0.12 



Task IS 

Configure the appropriate router s such that the routers Rl , R2 and R3 see a!! the routes 
advertised and or redistributed by the routers in this routing domain, whereas, routers R4 
ONLY sec the routes advertised within their area. arca2. 



The "Neighbor database-filter all out'" sub-router configuration command prevents 
Hooding of ALL OSPF LS.As to a given neighbor that is reachable through an 
interface that has a point-to-multipoint network type at a given IP address, in this 
case the neighbor with an IP address of 10.134.4. 

On K3 

R3(conf]g )r* router ospf 1 
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R3(config-routcr)#ricighbor 10.1.34.4 database- filter all out 

Note you should get the following error message, because the above "Neighbor"" 
command ONLY works for a neighbor through an interface that has a Point-to- 
Multipoint and or NBMA OSPF network types. 

%OSPF-4-CF(;_.\BR_[\VAL_.\ET_TYPE: Can not use configured neighbor: 
neighbor command is allowed only on SB.MA and point-to-multipoint networks 

R3i;config-rautcr)#int SO/0. 34 

R3(config-subif)#ip ospf network point-to-multipoint 

The same netvvork type should be configured on R4's SO/0.43 interface, as follows: 

R4(config)#int SO/0.43 

R4(config-subif)#ip ospf network point-to-multipoint 

R3 (config-s Lib if)#ro Liter ospf 1 
R3(config-router)#ncighbor 10.1.34.4 data base- filter all out 

Once again the OSPF process needs to be cleared: 

On R4 

R4frclcar ip ospf pro C 

Reset ALL OSPF processes? [no J: x 

To verify the configuration: 

On R4 

R4#Show ip route ospf 

50.0.0. 0'24 is subnetted, 1 subnets 
O E2 50.5.5.0 [110/20] via 10. 1 .45.5, 00:12:46, ScrialO'0.45 

55.0.0.0/24 is SLibncttcd, 1 subnets 
O E2 55.5.5.(1 [110/20] via 10. 1.45.5, 00:12:46, ScrialO/0.45 

5.0.0.0/24 is SLibncttcd, 1 subnets 
O E2 5.5.5.0 [110/20] via 10.1.45.5, 00:12:46, ScrialG'0.45 

On R5 

R5#Sh ip route b Gateway 
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Gateway of last resort is not set 

50.0.0.0/24 is subnet ted I subnets 
C 5 0. 5 . 5 . is d ircc tly CO nn cc ted r Loo p bat; k I 

55.0.0.0/24 is subnet tcd r I subnets 
C 55.5.5.0 is directly connected. Loopback2 

5.0.0.0/24 is SLibnettcd, I subnets 
C 5.5.5.0 is directly connected, LoopbackO 

10.0.0. 0'24 i s su bn ct t cd, I sub n cts 
C 1 0. 1 .45.0 is d ircctly connected, ScrialO/0.54 

Note 115 will NOT have any of the networks in its routing table bee a use of the 

configuration performed in task 16. 



Task 19 

Erase the startup configuration of the routers and reload them before proceeding to the 
next lab. 
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Lab 9 
Additional OSPF Filtering 
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Lab Setup : 



> Configure the FQ'l interlace of R2, R3, R5 and R6 should be configured in 
VLAN 100. 

> Configure the FO'O interlace of RL R2 r R3 and R4 in VLAN 200. 

> Configure the F0/1 interlace of Rl and BB1 in VLAN 300. 
3* Configure the IP addressing based on the above diagram. 
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Task I 

Configure the FO/1 interface of Rl and BB 1 in OSPF area 0. 






On both routers 

(config)r*Routcr ospf 1 
i;contig-rautcr)#nctw 0.0.0.0 0.0.0.0 area 

I o verify the configuration: 

On BBI 
BBl#Ping 10. 11. 1 1.1 




Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 10.1 1.11.1, timeout is 2 seconds: 

MM* 

Success rate is 100 percent (5''5), round-trip min/avg'max = 1/2/4 ms 

BBl#Sh ip ospf neighbor 

Neighbor ID Pri State Dead Time Address Interface 

1 .0. 1 . 1 . 1 1 FULL'D R 00:00:38 1 0. 1 1 . 1 1 . 1 FastE thcrnctO/'l 




Task 2 

Configure Rl, R2, R3 and R4's FO/0 interlace in OSPF area 0. 






On R2 

R2(config)#ro Liter ospf 1 
R2i:con%-roLitcr)#nctwork 10. 1. 1.2 0.0.0.0 area 

On K3 

R 3 (configure Liter ospf 1 
R3i;config-routcr)#nctwork 10. 1. 1.3 0.0.0.0 area 
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On R4 

R4 (c o n figure u t cr o sp f 1 
R4i;config-routcr)r*nctwork 10. 1. 1.4 0.0.0.0 area 

To verify the configuration : 

On Rl 

R I~Sho\v ip ospf neighbor 

Neighbor ID Pri State Dead Time Address Interface 
IO.lI.II.il 1 FULL/BDR 00:00:34 10.11.11.11 FastEthcrnctO/ 1 
10.1.1.4 1 FULL/DROTHER 00:00:36 10.1.1.4 FastElhernetO/0 
10.2.2.2 1 FULL/BDR 00:00:30 10.1.1.2 Fa si Elh erne 10/0 
10.2.23 1 FULLDROTHER 00:00:31 10.1.13 Fast EC he me 10/0 






Task 3 

Configure the FO/'l interlace of R2, R3, R5 and R6 in Area 1. 








On R2 

Rlfconfig^routcrospf 1 
R2i;config-routcr)#nctwork 10.2.2.2 0.0.0.0 area 1 

On R3 

R3(config)#routcr ospf 1 
R3i;config-router)#nct\vork 10.2.2.3 0.0.0.0 area 1 

On R5 

R 5 (con fig)#ro Liter ospf 1 
R5i;config-roLitcr)#nct\vork 10.2.2.5 0.0.0.0 area 1 

On R6 

R6(config .^router ospf 1 
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R6i;config-routcr)#nctwork 10.2.2.6 0.0.0.0 area 1 








To verify the configuration: 








On as 








R5*Show ip ospf neighbor 








Neighbor ID Pri State Dead Time Address 
10.2.2.6 1 FL'LL/BDR 00:00:39 10.2.2.6 
10.2.2.2 1 FLLL.'DROTHER 00:00:33 10.2.2.2 
10.2.23 1 FLLL.'DROTHER 00:00:33 10.2,2,3 


Interface 

Fast El her nel 0/1 

FastElhernelO/l 

FastEthenielO/1 






On R6 








RftrrShow ip ospf neighbor 








Neighbor ID Pri State Dead Time Address 
10.2.2.5 1 FL'LL/DR 00:00:38 10.2.2.5 
10.2.2.2 1 FLLL.'DROTHER 00:00:34 10.2.2.2 
10.2.23 1 FULL'DR OTHER 00:00:35 10.2.2.3 


Interface 
FastEihenieiO/l 
FaslElhernelO/l 
FastElhemelO/1 




Tusk 4 




Configure two loopback interfaces on R5 using the following IP addresses: 


Lot) =^^ ft and Lo 1 = 55.5.5.5 f24 

Lol interface should be advertised in OSPF area 1 with its correct mask. 

LoO should be redistributed in OSPF as metric- type I . 




On R5 








R5i;config)# inter loO 

R5i;config-ii>ip address 5.5.5.5 255.0.0.0 








R5 (co nfig)# inter lul 

R5iconfig-if)#ip address 55.5.5.5 255.255.255.0 

R5(config-if)#ip ospf network point-to-point 








EL5(oomfig)#ro Lite- map TST permit 10 
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R5 (c on fig )# match interface loO 

R5(config)#routcrospf 1 

R5(config-routcr)#nctwork 55.5.5.5 0.0.0.0 ansa 1 

R5(config-routcr)#redistribute connected metric-type 1 subnets route-map TST 






Task 5 

Configure two luopback interfaces on R6 using the following IP addresses: 

LoO = 6.6.6.6 ,'8 and Lo I = 66.6.6.6 ,'24 

Lol intcriacc should be advertised in OSPF area 1 with its correct mask. 

LoO should be redistributed in OSPF as metric-type I. 






On R6 

R6(config)# inter k)0 

R6(config-if)*ip address 6.6.6.6 255.0.0.0 

R6(config)# inter lol 

R6(config-it>ip address 66.6.6.6 255.255.255.0 

R6(config-if)#ip ospf network point-to-point 

R6(config)#routc-map TST permit 10 
R6(config)#match interface loO 

R 6 (c o n fig')# ro u t cr o sp f 1 

R6(config-rautcr)T*nct\vork 66.6.6.6 0.0.0.0 area 1 

R6(config-routcr)#redistribute connected metric-type 1 subnets route-map TST 




cc 


Task 6 

Configure two loopback interfaces on R4 using the following IP addresses: 

LoO = 4.4.4.4 /S and Lo 1 = 44.4.4.4 /24 

LoO interface should be advertised in OSPF area 1 with its correct mask. 

Lol should be redistributed in OSPF as metric- type 2, this route should be tagged with 44 

as it gets redistributed in OSPF routing domain. 
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On K4 

R4 (c o n fig)# in t cr fac c Loo p b ac kO 
R4(config-if)#ip address 4.4.4.4 255.0.0.0 
R4(config-if)#ip ospf network point-to-point 

R4(config)rr interface Loopbaekl 
R4(config-if)#ip address 44.4.4.4 255.255.255.0 

R4(config)#routc-map TST permit 10 

R4 fc o n fig-ro u tc- map ) S mate h in tcrfacc Loo p b ac k I 

R4 ( c o n fig -r Q u t c- map )# set t ag 44 

R4 fc o n fig )P router o sp £ 1 

R4 (con fig-ro utcr)?* redistribute connected subnets route-map TST 

R4(config-routcr)r*nct\vork 4.4.4.4 0.0.0.0 area 1 

R4 (con fig-ro utcr)#nct\vurk 10. 1. 1.4 0.0.0.0 area 

To verify the configuration: 
On \U 



R1#Sh ip route ospf 

1A 4.0.0.0/8 [110/2] via 10.1.1.4, 00:49:17, FastEthcrnctO 
1 A 55.5.5.0/24 [ 1 1 0/3 j via 1 0. 1.1.3, 00:49: 1 7, FastEthcrnctO 
[1 10/3] via 10. LI .2, 00:49:17, FastEthcrnctO/0 
O El 5.0.0.0/8 1110/221 via 1(1.1.1.3, 00:49:17, FastEthurnelO/0 
1110/221 via 10.1.1.2, 00:49:17, FastEtliernetO/0 
66.0.0.0/24 is subnet ted, 1 subnets 
O IA 66.6.6.0 1 110/3| \ia 10.1.1.3,00:49:17, FastEthernetOO 
1 1 1 11/3 1 v ia 1 II. 1 . 1 . 2 , (HI : 49 : 1 7, F ast E th ei net 
O E2 6.0.0.0/8 |110/201 via 10.1.1.3, 00:49:17, Fast Ether BetO/0 
1110/20] via 10.1.1.2, 00:49:17, FuslEllimittO/O 
1 0.0.0. 0'24 issubnetted, 3 subnets 
IA 10.22.0 [1 10/2] via 10.1.1.3,00:49:17, FastEthcrnctO 
[110 2; via 10. 1.1.2, 00:49:17, FastEthcrnctO/0 
44.0.0.G'24 issubnetted, 1 subnets 
O E 2 44 .4 .4 .0 [ 1 1 0/2 j v ia 1 . 1 . 1 .4 , 00 :4 9 : 1 7 , FastE thcrnctO/0 

Rl*Ship route 44.4.4.4 

Routing en try lor 44.4.4.0/24 
Known via "ospf 1 ". distance I I 0. metric 20 
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Tag 44, type extern 2. forward metric 1 
Last update from 1 0. 1. 1 .4 on FastEthcrnetO 0, 00:52:1 2 ago 
Routing Descriptor Blocks: 
* 10.1.1.4, from 10.1.1.4, 00:52:12 ago, via FastEthcrnetO 

Route metric is 20, traffic share count is 1 

Remit; tag 44 

On BBI 

BBl#Sh ip route ospf 

O IA 4.0.0.0/8 [ 110/3] via 10.11. 11 .1, 00:53:43, FastEthcrnetO; 1 
O IA 55.0.0.0/8 [ 1 10/4 J via 1 0. 1 1 . 1 1 . 1, 00:53:43, FastEthcrnetO/ 1 
O E 1 5.0.0.0/8 [ 1 1 0/23] via 10.1 1.1 1.1, 00:53:43, FastEthcrnetO' 1 

66.0.0.0 24 is subnetted, 1 subnets 
1 A 6 6 . 6 .6 . 6 [ 1 1 0/4] via 1 . . 1 1 . i 1 . 1 , 00: 5 3 :4 3 , FastE thcrnctO/ 1 
O E2 6.0.0.0/8 [ 1 1 0/20 J via 1 0. 1 1 . 1 1 .1 , 00:53:43, FastEthcrnetO 1 1 

10.0.0.0/24 is subnet ted, 3 subnets 
O 1 A 1 0.22.0 [1 10/3] via 1 0. 1 i . 1 1 . 1 , 00:53:43, FastE thcrnctO/ 1 
O 1 D. 1.1.0 [110/2] via 10. 1 1 . 1 1 . 1 , 00:53:43, FastEthcrnctO/1 

44.0.0.0/24 is subnet ted, 1 subnets 
O E2 44.4.4.0 [1 10/20] via 10. 1 1 . 1 1 . 1, 00:53:43, FastEthcrnctO/1 






I ask 7 

Configure Rl to filter all networks that carry a tag of 44. 






On kl 

Rl (con fig)#ro Lite* map Task- 7 deny 10 

R 1 (config-routcr)?* match tag 44 

Rl (config)#routc-map Task- 7 permit 20 

In the above configuration routes that tatty a tag of 44 are matched and denied and 
the routes that do NOT carry a tag of 44 are all permitted. 

R 1 (c o n fig)f#ro u t cr o sp f 1 

R I ( c on f:t>ruuter')~ distribute- list route-map Task-7 in 

To vcrifv the configuration: 




cc 
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On Rl 

R If* Show ip route ospf 

1 A 4.0.0.0/8 |110/2] via 10.1. 1.4, 00:02:12, FastEthcrnctO/0 
IA 55.5.5.0/24 [110/3] vk 1 0.1 .1.3,00:02:12, FastEthcrnctO 

[1 10/3] via 10.1.1.2, {K):02:12, FastEthcrnctO 
O E 1 5.0.0.0/8 [110/22] via 10. 1. 1.3, 00:02:12, FastEthcrnctO 

[1 1022] via 10.1.12, 00:02:12, FastEthcrnctO.' 
66.0.0.0 24 is subletted, 1 subnets 
O 1 A 66.6.6.0 [1 10/3] via 10.1. 1.3, tX):02:12, FastEthcrnctO/O 

[11Q-3J via 10.1.1.2, 00:02:12, FastEthcrnctO/0 
O E2 6.0.0.0/8 [110/20] via 10.1.1.3, 00:02:12, FastEthcrnctO 

[1 10/20] via 10.1.1.2, 00:02:12, FastEthcrnctO 
10.0.0.0' 24 is subnet ted, 3 subnets 
1 A 10.22.0 [1 10/2] via 10.1. 1.3, 00:02:12, FastEthcrnctO 

[1 10'2] via 10. 1 . 1 .2, 00:02:12, FastEthcrnctO 

Note network 44.4.4.0 .'24 is blocked because it carried a tau of 44. Its very 
important to note that this filtering is performed on Rl and the routes that carry a 
tag of 44 are filtered fnmi the routing table of Rl and NOT the database. 

To verify the configuration: 

On BBI 

BBl#Sh ip route ospf 

O IA 4.0.0.0/8 [110/3] via 10.1 1.11.1, 00:08:42, FastEthcrnctO/ 1 
O IA 55.5.5.0/24 [110/4] via 10.1 1.1 1 .1, 00:08:42, FastEthcrnctO' 1 
O E 1 5.0.0.0/8 [110/23] via 10.1 1 . 1 1 . 1 , 00:08:42, FastEthcrnctO, I 

66.0.0.024 is subnet ted, 1 subnets 
IA 66.6.6.0 [1 10/4] via 10.1 1.11.1, 00:08:42, FastEthcrnctO' 1 
O E2 6.0.0.0,8 [110/20] via 10.1 1.1 1.1, 00:08:42, FastEthcrnctO/1 

10.0.0.024 is subnet ted, 3 subnets 
O 1 A 1022.0 [1 10/3] via 10.1 LI hi, 00:08:42, FastEthcrnctO I 
1 0. 1.1.0 [ 110/2] via 10.1 1 .1 1 .1 , 00:08:42, FastEthcrnctO' 1 

44.0.0.0/24 is sub netted, 1 subnets 
O E2 44.44.0 [U0/20] via 10.1 1.1 1.1, 00:08:42, FastEthernetO.'l 

On Rl 



Rl*Sh ip ospf da ex adv-routcr 10.1.1.4 
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OSPF Router with ID (10.1.1.1) (Process ID 1) 

Type- 5 AS External Link States 

Routing Bit Set on this LSA 

LSagc: 1036 

Options: (No TOS -cap ability s DC) 

LS Type: AS External Link 

Link Slate ID: 44.4.4.(1 (External Network Number > 

Advert is ing Ro titer: 1 0. 1.1.4 

LS Scq Number: 80000004 

Checksum: 0xE04C 

Length: 36 

Network Mask: /24 

.Metric Type: 2 (Larger than any link state path) 

TOS:0 

Metric: 20 

Forward Address: 0.0.0.0 

External Route Tag: 44 

Note the route is still in the database of Rl. 






Task 8 

Remove the "distribute- list route-map Task-7 in "command from the previous task and 
configure Rl to filter all OSPF external type 2 prefixes. You should NOT configure an 
ace ess- list to accomplish this task. 






On ri 

RI(config)r#ro utc- map Task- 8 deny 10 

Rl (COmfig-ro utc- map )#match route-type externa! typc-2 

R 1 (c o n fig)" ro u t c- map Tas k- S p crmit 2 

R 1 (c o n fig)#ro titer o sp f 1 

R I (con fig-router)" distribute- list route-map Task-8 in 

To verify the configuration: 
On Rl 
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Rl#Sh ip route gggf 

1 A 4.0.0.0/S [110/2] via 10.1.1.4, 00:00:09, FastEthcrnctO/0 
[A 55.5.5.0/24 [110/3] via 10.1.1.3, 00:00:09, FastEthcmctO 

[1 103] via 10.1.1.2, 00: 00:09, FastEthcrnctO/0 
E 1 5.0.0.0/8 [II 0/22] via 1 0. 1.1.3, 00:00:09, FastEthcractO 

[1 10/22] via 10.1. 1.2, 00:00:09, FastEthcractO. 
66.0.0. 0/24 i s su bn ct t cd, I sub n ct s 
O 1A 66.6.6.0 [1 10,3] via 10.1. 1.3, 00:00:09, FastEthcrnctO/0 

[1 10/3] via 10, 1 . 1 .2, 00:00:09, FastE thcrnctO/0 
10. 0.0. 0.24 issubnetted, 3 subnets 
1 A 10.22.0 [1 10/2] via 10.1. 1.3, 00:00:09, FastEthcrnctQYO 

[1 10/2] via 10.1. 1 .2, 00:00:09, FastE thcrnctO/0 

There is no need to remove the previous distribute- list command, when a nex\ one is 
entered; it overrides the previous distrihute-list command. 

Note the external type-2 (E2) routes are filtered from the routing table ufRl, but 
they are still in the database of this router and therefore, as a result of that, BB1 nill 
have the E2 routes in its routing table. 

On BBI 



BBl"Sh ip route ospi" 

1 A 4.0.0.0/8 [110/3] via 10.1 1.11.1, 00:21:51, FastEthcractO/ 1 
1 A 55.5.5.0/24 [110/4] via 10.1 I . I I . i , 00:21:51, FastEthcractO I 
E 1 5.0.0.0/8 [11 0/23] via 10.11.11.1, 00:2 1:51, FastE thcrnctO/1 

66.0.0.0 24 issubnetted, 1 subnets 
O 1 A 66.6.6.0 [1 10/4] via 1 0. 1 1 . 1 1 . 1 , 00:21:5 1 , FastE thcmct0.T 
O E2 6.0.0.0/8 1110/201 via 10.11.11.1, 00:21:51, FastEthernetO/1 

1 0.0.0.0/24 issubnetted, 3 subnets 
1A 10.2.2.0 [1 10/3] via 10. 1 1 .1 1.1, 00:21:51, FastE thcrnctO/ 1 
O 1 0. 1 . 1 .0 [ 110/2] via 10.1 1 .1 1.1, 0021 :5 1, FastEthcrnctO/1 

44.0.0.0/24 is subnet ted, 1 subnets 
OE2 44.4.4.0|110/201 via 10.11.11.1,00:21:51, FaslEthernetO/1 



Tusk 9 

Erase the startup configuration and reload the routers before proceeding to the next lab. 
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Lab 10 
Redirecting traffic in OSPF 
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Lab Setup: 

> Rl should be configured with two point-to-point links, one connecting Rl to R2 
and the other connecting R! to R3. R2 and R3 should also be configured in a 
point-to-point manner. 

> R2 S R3 and R4's F0/0 interfaces should be configured to be in VLAX 234. 
^ Use the IP address chart below to assign IP addresses to the routers. 
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II* AiklrL'ssing: 



Router 


Interface 


IP address 


Area 


Rl 


LoO 


1.1.1.1 .8 


Area 




F/R interlace to R2 


10.1.12.1 ,24 


Area 




F R interface to R3 


10.1.13.1 24 


Area 


R2 


LoO 


2.2.2.2 ,'S 


Area D 




FR interface to Rl 


1 0.1.12.2 .12 4 


Area 




Ft) (I interface 


10.1.234.2/24 


Aix-a 


R3 


LoO 


1 H T T >o 
5.D.5.5 -o 


Area 




F R interlace to Rl 


10. Li 3.3 .'24 


Area 




FO interlace 


10.1.234.3/24 


Area 


R4 


LoO 


4.4.4.4 /B 


Area 




FO/0 interface 


10.1.234.4/24 


Area 



[ask I 



Configure OSPF on all routers and advertise their directly connected network in area 
and ensure that these routers can reach all the advertised networks. Ensure that the 
loopback interfaces are advertised with their correct mask. 



On All KoutiTS 

(conlig-if)#routcrospf I 
(config-rautcr'^nctw 0.0.0.0 0.0.0.0 arc 

(coniig-routcr)#intcrfacc Lo 
(config-if)#ip ospf network point-to-point 



Task 2 

Rl has two ways to reach network 4.0.0.0 .8. ensure that Rl uses R2 to reach this 

network. Rl should go directly to R3 to reach network 3.0.0.0. 

However, if R2 goes down, R3 should be used as a transit router to reach network 4.0.0.0 

/8. 

DO NOT USE THE FOLLOWING COMMANDS: 

Bandwidth; any global config command, OSPF cost command or the distance command. 
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Note the routing table of Rl reveals that Rl can reach network 4,0.0.0 \ia R2 and 
R3. 

On Rl 



R If* Show ip route 

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP 

D - E1GRP, EX - E 1GRP external, - OSPF, LA - OSPF inter area 
XI - OSPF NSSA external type I , N2 - OSPF NSSA external type 2 
El - OSPF external type I, E2 - OSPF external type 2 
i - 1S-1S, Su - 1S-1S summary, LI - 1S-1S lcvcl-l,*L2 - 1S-1S lcvcl-2 
ia - IS- IS inter area. * - candidate default, U - per- user static route 
o - ODR, P - periodic downloaded static route 

Gateway of last re sort is not set 

C 1 .0 .0 . 0/8 is direct h/ co n n cc ted , Loo p b ac kO 
O 2.0.0.0 S [11065J via 10.1.122, 00:0021, ScrialO/0.12 
O 3.0.0.0.8 [110.65] via 10.1.13.3, 00:0021, ScrialQ/0.13 
() 4.0.0.0/8 1110/661 via 10.1.13.3,00:00:21, SerialO/0.13 
1 110/661 via 10.1.12.2, 00:00:21, SerialO/0.12 
10.1.0.024 issubnetted, 3 subnets 
10. 1 234.0 [1 10. 65] via 1 0. 1 .1 3.3, 00:00:2 1 , ScrialO/0.1 3 

[ 1 10/6 5 J via 10.1.12.2, 00:00:21, ScrialO/0.1 2 
C 1 0. 1 .12.0 is directly connected, Scrial0/0. 12 
C 1 0. 1 .1 3.0 is directly connected, ScrialO'O. 1 3 

On R3 

R3(config)#routcrospf 1 
R3(config-router)#ma\-mt;tric router-lsa 

The above command will cause a router to originate LSAs with a maximum metric 
of Oxffff (LS Infinity). This is done so that other routers do not prefer the router as a 
transit hop in their path to a given network. 

To Verify the configuration: 
On Rl 

RlffShow ip route 

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP 
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D - E1GRP, EX -E1GRP external, O - OSPF, IA - OSPF inter area 
M - OSPF NSSA external type l,N2 - OSPF NSSA externa! type 2 
El - OSPF external type 1, E2 - OSPF external type 2 
i - IS-IS, su - 1S-1S summary, L I - IS-IS level- 1 , L2 - IS-IS lcvcl-2 
ia - IS- IS inter area., * - candidate default,, L* - per- user static route 
o - ODR, P -periodic downloaded statie route 

Gateway of last resort is not set 

C I .0 . 0/ 8 i s d i rcc t ly co n nee ted . Loo pb ac kO 

2.0.0.0/8 [110/65] via 10. 1.12.2, 00:04:12, ScrialO/0.12 

O 3.0.0.0/8 [ 110/65] via 10.1. 1 3.3, 00:04:12, ScrialO/0. 1 3 

() 4.0.0.0/8 1110/661 via 10.1.12.2,00:04:12, SerialO/0.12 

10.1.0. 0/24 i s su bn fitted, 3 sub nets 
10.1234.0 [110/65] via 10. 1.12.2, 00:04:12, ScriaH)/0.12 
C 10. 1 .12.0 is directly connected, ScrialO 0. 12 
C 10. 1.13.0 is dircctlv connected. Scrial0/0. 13 



Task 3 

Erase the startup con fig and reload the routers before proceeding to the next lab. 
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Lab 11 
Overload Pr« 
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EIGRP100 




FG/0 
/ 10,1.210/24 



Ltfl \ 
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AreaO 
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/ 



Lab Set liij: 



The frame-relay connection between Rl and R2 must be configured in a point-to- 
point manner. 



> R2 and R3's FO/0 interface should be configured in VLAN 23. 
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II* Aiklrfssing: 



Router 


Interface 


IP address 


Area 


Rl 


Ltd 


1.0.0.1 /S 


Eigrp 100 




L«2 


2.0.0.1 /8 


Eigrp 100 




Lo3 


3.0.0.1 /8 


Eigrp 100 




Lo4 


4.0.0.1 /S 


Eigrp 100 




Lu5 


5.0.0.1 /S 


Eigrp 100 




Lu6 


6.0.0.1 8 


Eigrp 100 




Lo7 


7.0.0.1 /8 


Eigrp 100 




Lc>8 


8.0.0.1 /8 


Eigrp 100 




Lu9 


9.0.0.1 /8 


Eigrp 100 




Lol 


10.0.0.1 24 


Eigrp 100 




Loll 


1 1 .0.0. 1 m 


Eigrp 100 




SO/0.12 


10.1.12.1 24 


Eigrp 100 


R2 


LoO 


2.2.2.2 /8 


Eigrp 100 




Lol 


22.2.2.2/8 


OSPF area 




SO/0.21 


10.1.12.2 .24 


Eigrp 100 




FO/0 


10.1.23.2/24 


OSPF area 


R3 


[.Oil 


3.3.3.3 /8 


OSPF area 




FO/0 


10.1.23.3 '24 


OSPF area 



Task I 

Configure the routers as follows: 

> n R 1 , co n figure Eigrp 1 00 and advert ise nctwo rks 1.0. 0. 8-5.0 .0 . /8 and the 
frame- relay interface to R2. 

> On R2., configure Eigrp 100 and advertise networks 2.0.0.0 8 and the frame-relay 
interface link to Rl. 

> On R2, configure OSPF and advertise network 22.0.0.0 .'8 and the FO/0 interface 
to R3 in area 0. 

P On R3. configure OSPF and advertise all of its interfaces in area 0. 



On Rl 

Rl (configure Liter eigrp 1 00 

Rlfconfig-routcr)#no au 

R 1 (config-routcr)^nctw 1 . 0. 0.0 
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Rifconfig-rauterjftwtw 2.0.0.0 
R 1 (config-routcr)#nctw- 3.0. 0.0 
Rl (config-routcr)r*nct\v 4.0. 0.0 
R 1 fc o n fig-ro u tcr)# net w 5 . 0. . 
Rl i;config-routcr)#nct\v 1 0. 1. 12.0 0.0.0255 

On R2 

R2(config-if)#routcr ospf 1 
R2(config-routcr)f*nctw 22.2.2.2 0.0.0.0 arc 
R2iconfig.routcr)#nctw 10.1.23.2 0.0.0.0 arc 

R2(config-roLitcr)r*rout cr cigrp 1 00 
R2i;config-routcr)#nctw 10.1.12.0 0.0.0255 
R2i con fig-ro utcr)#nct\v 2.0. 0.0 
R2 (c o n fig-ro u t cr) S no auto 

On R3 

R3f con fig- if)#ro Liter ospf 1 
R3(config-routcr)?*nct\v 0.0.0.0 0.0.0.0 arc 






Task 2 

On R2, perform a mutual redistribution between OSPF and Eigrp 100. 






On R2 

R2(config)#ro Liter cigrp 1 00 

R2i:config-routcr)#redistributeospi 1 metric 1500 20000 255 1 1500 

R2 (c o n fig-ro u t cr) # ra Lit cr o sp f 1 
Rlfconfig-roLitcrYrrredistribute eigrp 100 subnets 

Note when redistributing routes into OSPF, they \>ill be redistributed with a metric 
of 20. 

To verify the configuration: 
On R3 
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R3#Show ip route 

Codes: C - connected, S - static. R - RIP. M - mobile, B - BGP 

D - E1GRP, EX - EIGRP external - OSPF, 1A - OSPF inter area 
M - OSPF XSSA external t>pc 1 s N2 - OSPF XSSA external type 2 
El - OSPF external type 1, E2 - OSPF external type 2 
i - IS-1S, su - 1S-1S summary, L I - 1S-1S level- 1,L2 - 1S-1S lcvcl-2 
ia - IS- IS inter area, * - candidate default,, L* - per- user static route 
o - ODR. P - periodic downloaded static route 

Gateway of last resort is not set 

O E2 1.0.0.0/8 (110/201 via 10.1.23.2, 00:01:18, FastElliernetO/0 
O E2 2.0.0.0/8 (110/201 via 10.1.23.2, 00:01:18, FastEtliernetO'O 
C 3.0.0.0/8 is directly connected, LoopbackO 
O E2 4.0.0.0/8 (110/201 via 10.1.23.2, 00:01:18, FastElliernetO/0 
O E2 5.0.0.0/8 (110/201 via 10.1.23.2, 00:01:18, FastEtliernetO'O 

22.0.0.0/32 is subletted, 1 subnets 
O 22.222 [110/2] via 10.1.23.2, 00:01:1 8, FastEthcrnctO 

1 0.1 .0.0/24 is subletted, 2 subnets 
() E2 10.1.12.0 (110/201 via 10.1.23.2, 00:01:20, Fa si Ethernet 0/0 
C 1 0. 1 .23.0 is d ircctly connected, FastEthcractO/0 






Task 3 

R2 should be configured such that the maximum number of prefixes that can be 
redistributed into OSPF routing protocol is 10. 

R2 should generate two warning messages. The first message should occur when the 
number of redistributed prefixes reaches 70% of the configured threshold (10). The 
second message should occur when the 1 0' prefix is redistributed. 






On R2 

R2 (c o n fig -ro u t cr ) S ro ut cr o sp f 1 

R2(config-routcr)£redistribute maximum-prefix 10 70 warning-only 

The above command limits the number of prefixes that can be redistributed into 
OSPF rout in y domain. In this case, the router x>ill generate two warning messages, 
the first one will be generated when 70% of the configured threshold (10) is reached 
and the second message will be generated v*hen the configured threshold (TO) is 

eve ceded. 
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The initial con fig file has created 1 1 Loop back interfaces for testing purpose. Test 
this policy by advertising these loop back interfaces one at a time and observe the 
warning messages. 



Task 4 

The administrator of Rl is constantly violating the maximum routes policy, in order to 
safeguard against this, you should configure R2 such that only 10 prefixes arc allowed to 
he redistributed into OSPF, if Rl advertises more than 10 prefixes in Eigrp 1 00. R2 
should ignore the extra prefixes. 



On R2 

R 2 1 c o n figure u tcr o sp f 1 

RZfconflg-routcr^no redistribute maximum- pre fix 10 70 warning-only 

R2 1 con fig -router)#rcd is tribute maximum-prefix 10 70 

Since the "warning- only'" key wo I'd is not used, R2 will ignore any advertisement 
above the set threshold. 



Task? 

Erase the startup config and reload the routers before proceeding to the next lab. 
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Lab 12 - OSPF Non-Broadcast Networks 



s 



/ 




/ 



1.1.1.1/3 gflflj im.^/2* 



/ 



/ 



Area 



■■ 



/ 



\ 



\ 




. 4.4A4.S 

\ LaO 



\ 



\ 



N 



3.3.3.3 /a 

LoO 



\ 



\ 



AreaQ 



\ 



\ 



\ 



\ 



X 



30m] 



10.1.1.2 .24 




/ 



12.12 ja 

LaO 



/ 



/ 



/ 



/ 



/ 



Lal> Si'tuu: 



> Configure Rl as the huh and R2. R3 and R4 as spokes. 



> Configure all routers in a Frame-relay Multipoint manner. DO NOT configure 
sub- interfaces on any of the routers. Use the broadcast keyword when configuring 
the "Frame-relay map 1 ' statements. 

> Use the IP addressing chart below tor IP assignment. 
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II J addressing: 



Router 


Interface ■' IP address 


Rl 


SO = 1 a 1 . 1 . 1 24 
LoopbackO = 1.1. 1.1 8 


R2 


SO 0= 10. 1.1.2 ,24 
UwpbackG =2.2.2.2/8 


R3 


S0.0 = 10.1.1.3/24 
LoopbackO = 3 n - n - 3 ft 


R4 


90/0 = 10. 1.1.4/24 
LoopbackO = 4.4.4.4 ft 



Task 1 

Configure OSPF on all routers and advertise their directly connected interfaces in Area 0. 
Ensure that loopback interface of these routers arc advertised with their correct mask. 
DC) NOT change the network type to accomplish this task. 



On Rl 

R 1 (c o n fig)#ro uter o sp f I 

Rl (con fig-ro utcr)#nctw 10.1.1.1 0.0.0.0 area 

R 1 (config-rou ter)#n£tw 1.1.1.1 . 0. 0. area 

R 1 (c o n fig-ro u t cr)#in t lo 

Rl (config-ifjrrip ospf network point-to-point 

Note the following command is required since Rl is the huh. 

R 1 (c o n fig)# in t criac c S crialG'O 
R 1 (c o n fig- if)rr i p o sp f p rk) rity 25 5 

On R2 

R2(config)#routcrospf 1 

R2 icon fig-ro uter)#nctw 10.1.1.2 0.0.0.0 area 

R2 (con fig-ro utcr)# net w 2.2.22 0.0.0.0 area 

RZieonfiy-routcrln-int loO 
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R2(config-if)#ip ospf network point-to-point 

On K3 

R 3 ic o n fig )#ro Liter ospf 1 

R3i;config-router)^nctw 10.1.1.3 0.0.0.0 area 
R3(COnfig-router)#netw 3.3.3.3 0.0.0.0 area 

R 3 ( c o n fig-ro u tcr)#in t lo 

R 3 (c o n fig- if)#i p o sp f nctwo rk po in t-to -po i nt 

On R4 

R4 (c o n fig)#ro u tcr o sp f 1 
R4i;config-routcr)^nctw 10. 1. 1.4 0.0.0.0 area 
R4(config-roLitcr)#nctw4.4.4.4 0.0.0.0 arcaO 

R4(config-roLitcr)#int loO 

R4(config-if)#ip ospf network point-to-point 

Note the following command is required so the spokes will NOT participalL 1 in 
DR/BDR election. 

On R2. R3 and R4 

(coniig)# interface ScrialO/0 
(config-ii)#ip ospf priority 

To verify the configuration: 



On Rl 

Rl^Sh ip ospf neighbor 
Rl^Show ip route ospf 

Note there is NO neighbor adjacencies established, as a result of that: there won't he 
any mutes in the OSPF routing table. 

The reason is the OSPF network type, the default OSPF network type on Multipoint 
Frame- relay interface is NO N_ BROAD CAST, the following show command reveals 
the OSPF network type. 

On Rl 
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RlsShow ip ospf interlace SO/0 



The network type 

'. 



', 



ScrialO/0 is up, line protocol is up 
] ntcrnct Address 10.1.1. 1/24, Area \ 

Process ID 1, Router ID 1 . 1. 1 .1 , Network Type NON_BRO.\DCAST, Cost: 64 
Transmit Delay is 1 sec, State DR. Priority 255 
Designated Router (1 D ) 1 . 1 . 1 . 1 . 1 nterlacc address 10.1.1.1 
No backup designated router on this network 
Timer intervals configured,. Hello 30, Dead 120. Wait 120. Retransmits 

oob-rcsync timeout 120 

Hello due in 00:00:22 
Supports Link-local Signaling (LLS) 
Index 2'2, flood queue 'length 
Next 0x0(0)' 0x0(0) 

Last Hood scan length is 0, maximum is 
Last flood scan time is msec, maximum is msec 
Neighbor Count is 0, Adjacent neighbor count is 
Suppress hello for neighbor (s) 

Since the (ask states that the network type can not he changed, then, the "priority'' 
sub- router configuration command can be used to accomplish this task: in this case 
the priority command needs to be configured on the hub router ONLY. 

On Rl 

R 1 (c o n fig)#ro u t cr o sp f I 
Rl (config-routcr)#ncighbor 1 0. 1 . 1.2 
R I (c onfig-rou tcr)#ncighbor 10.1.1.3 
R 1 (config-rou ter)#ncighbor 10.1.1.4 

"I'm vL'fit'v the tMini'iauration: 
On Rl 



RlnShow ip ospf neighbor 

Neighbor ID Pri State Dead Time Address 

22.2.2 FL'LL'DROTHER 00:01:42 10.1.1.2 

3.3.3.3 FULLDROTHER 00:01:48 10.1.1.3 

4.4.4.4 FL'LL'DROTHER 00:01:50 10.1.1.4 

R NShow ip route ospf 

O 2.0.0.0 S [110 65; via 1 0. 1 . 1 .2, 00:00:52, ScrialO/0 



Interface 
ScrialO/0 
ScrialO/0 
ScrialO/0 
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3.0.0.0 8 [110/65] via 1 0. 1.1.3, 00:0052, ScrialO/0 
4.0.0.0 g [110&5] via 1 0. 1 . 1 .4, 00:00:52, ScrialO/0 

Note once the "Neighbor" command is configured on the hub router, the routers. 
will transition into FULL state and exchange routes. 

Remember, when the "Neighbor" command is configured, all OSPF packets will use 
UN I CAST instead of MULTICAST: Therefore, there the "frame- re lay map" 
commands DO NOT need to be configured with the "Broadcast" keyword. 

On Rl 



Rlfconfig)#intsO/G 

Rl(config-if)#NO frame- relay map ip 10.1.1J2 102 broadcast 
Rl(config-if)#NO frame- relay map ip 10.1.1.3 103 broadcast 
Rliconfig-if)#NO frame- relay map ip 10.1.1.4 104 broadcast 

Rl(config-if)#franK>rclay map ip 10.1.1.2 102 
R 1 (c o n fig- if )# frame- rcl ay map ip 10.1.1.3 103 
Rlfconfig-ity frame-relay map ip 10.1.1.4 104 

On R2 

R2i;confIg)#intS0;'0 

R2ieonfig-if)r*NO frame- relay map ip 10.1.1.1 201 broadcast 

R2i;config-if)#framc-rclay map ip 10. 1.1.1 201 

On R3 

R3(config)#intS0 

R3(config-if)#NO frame- relay map ip 10.1.1.1 301 broadcast 

R3icont1g.if>fram&rclay map ip 10.1.1.1 301 

On R4 

R4(config)#intS0D 

R4(config-if)#N() frame- relay map ip 10.1.1.1 401 broadcast 

R4(config-if)r#framc-rclay map ip 10.1.1.1 401 
To test the confix urati on: 
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On Rl 








Rl#Show ip route ospf 








2.0.0.0/8 [ 1 10/65] via 1 0. 1 . 1 . 2, 00:00:10, ScrialO/0 
3. 0. .0 S [11 65J via 1 0. 1.1. 3, 00 : : 1 , ScrialO/0 
4.0.0.0 8 LI 1 65J via 1 0. 1 .1 .4, 0(3:00:1 0, ScrialO/0 








On R2 








R2*Sho\v ip route ospf 








O 1.0.0.0/8 [ 110/65] via 10. 1.1.1, 00:072 l,Scrial0/0 
3. 0.0.0/8 [ 110/65] via 10.1.1. 3, 00:07:2 1 , ScrialO/0 
O 4.0.0.0/8 [ 110/65] via 1 0. 1.1.4 00:072 1 , ScriaW/O 








On \tt 








R3#Show ip route ospf 








1.0.0.0.8 [1 10/65] via 1 0. 1 . 1 . 1, 00:07:57, ScrialO/0 
2.0.0.0 8 [110.65] via 10.1.1.2, 0(3:07:57, ScriaW/O 
C ) 4. 0. . 0/8 [ 1 1 0/6 5 ] via 1 (3 . 1 . 1 . 4, (K3 :0 7 :5 7 , ScriaW/0 








On R4 








R4#Show ip route ospf 








1.0.0.0 8 [110/65] via 1 D. 1 . 1 . 1, 0(3:08:30, ScriaW/0 
2.0.0.0 8 [1 10 65] via 1 0. 1.1.2, 0(3:08:30, ScriaW/0 
3. 0. 0.0 8 1 1 1 65] via 1 0. 1 . 1 . 3, (H3:08:30, ScrialO/0 






Task 2 




Ensure that every router has N'LR] to the loopback interfaces advertised 
should use ping to test and verify reachability. 


in OSPF, you 




To test the reachability: 








On R2 
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R2#Sho\v ip route Ogpf 

O 1 .0.0 .0/8 [ 1 1 0/6 5 J via 1 . 1 . 1 . 1 , 08 :2 7 2 6 , ScrialO/0 
3.0.0.0/8 [ 1 1 0/65 J via 10.1.1.3, 08:27:26, ScrialO/0 
4.0.0.0/8 [ 1 10/65 J via 1 0. 1 . 1 .4, 08:27:26, ScrialO/0 

Note 112 will not have reachability to networks 3.0.0.0/8 or 4.0.0.0/8, because it docs 

not have layer 2 mapping for the next hop IP address. 

In OSPF NON BROADCAS T network type the next hop IP address is the IP 

address of the router that originated the route and NOT the router that advertised 

it, therefore, the spokes \\\\\ not have NLRI to networks advertised by other spokes, 

this problem can be resolved by configuring the following Frame-relay map 

commands: 

On each spoke a "Frame-relay map"" command is configured for the frame-relay 

interface IP address of the other spokes using their only DLCI pointing to the hub, 

as follows: 

On R2 

RZfconfig)* interface SO/0 
RZieonfig-if^Framc-rclaymap ip 10.1.1.3 201 
R2(config-if)#Frarnc.rclay map ip 10. 1 . 1 .4 20 1 

On R3 

R3(config)# interface SO/0 
R3i;config-if>Framc-rclay map ip 10.1.1.2 301 
R3 (con fig- if)rrFramc- relay map ip 10. 1.1.4 301 

On K4 

R4(config)# interface SO/0 

R4 (con fig- if)r*Framc- relay map ip 10. 1 . 1 .2 40 1 

R4(config-if)r*Frarne- relay map ip 10. 1 . 1 .3 40 1 

To test the configuration: 



On R2 



R2*Ping 3.3.3.3 



Type escape sequence to abort. 

Sending 5. 100-bytc 1CMP Echosto 3.3.3.3 r timeout is 2 seconds: 
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Success rule is 100 percent (5/5), 


immd-tr.p 


min/avg'miix = 


112/113/117 


mi 


R2*Ping 4.4.4.4 










Type escape sequence to abort. 

Sending 5 r 100-bytc ICMP Eehosto 4.4,4.4* 

MM* 


.".iv.coui > I seconds 




Success rate is 1(10 percent (5''5), 


round- trip 


rnin/avg'max = 


112/115/120 


ms 


On K3 










R3#Ping 2.2.2.2 










Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Eehosto 2.222, 

MMI 


timeout is 2 seconds: 




Success rate is 100 percent (5/5), 


round- trip 


min/avg'max = 


112/125/168 


ms 


R3#Ping 4.4.4.4 










Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Eehosto 4.4.4.4, 
mil 


timeout is 2 seconds: 




Success rate is 1 00 percent (5/5), 


round-trip 


min/avg'max = 


112/113/116 


ms 


On R4 










R4#Ping 2.2.2.2 










Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Eehosto 2.2.22, 

MMI 


timeout is 2 seconds: 




Success rate is 100 percent (5/5), 


round- trip 


min/avg'max = 


112/121/148 


ms 


R4*Ping 3.3.3.3 










Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Eehosto 3.3.33, 

MM! 


timeout is 2 scco nds: 




Success rate is 100 percent (5/5), 


round- trip 


min/avg'max = 


11 2' 113 '116 


ms 
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Task 3 

Erase the startup configuration and reload the routers before proceeding to the next lab. 
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Lab 13 - OSPF Broadcast Networks 



/ 



/ 



/ 



/ 



Ama_Q 



/ 




1.1.1.1 /s sq/0 10.1.1.1 #4 



' 




iai,u.'2i 




SQrt) HX1.1.3/24 




3. a 3.3 & 
LoO 



N 



X 



\ 



Area 



X 



SO/O 



10.1.1.2/24 




?.?.?.2,e 

LoO 



\ 



\ 



/ 



/ 



/ 



/ 



s 



l.al> Si 1 tun: 



> Configure Rl as the hub and R2, R3 and R4 as spokes.. 

> Configure ail routers in a Frame-relay Multipoint manner. DC) NOT configure 
sub- interfaces on any of the routers. Use the "broadcast" keyword when 
configuring the "Frame-relay map 1 ' statements. 

> Use the IP addressing chart below tor IP assignment. 
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II J addt Lssinjj; 



Router 


Interface/ IP address 


Rl 


SO =10.1.1.1 04 
LoopbackO = 1.1.1.1/8 


R2 


SO 0= 10.1.1.2/24 
LoopbackO = "'A?.? /8 


R3 


S0.0 = 10.1.1.3/24 
LoopbackO = 3 n - n - 3 /8 


R4 


90/0 = 10. 1.1.4/24 
LoopbackO = 4.4.4.4 ,'8 



I ask 1 

Configure OSPF on all routers and advertise their directly connected interfaces in Area 0. 
Ensure that loopback interface of these routers are advertised with their correct mask. 
You should use OSPF BROADCAST network type to accomplish this task. 



On Rl 

R 1 [c o n fig)#ro u ter o sp f 1 

Rl(config-routcr)#nctw 10.1.1.1 0.0.0.0 area 
Rl i;config-router)#nctw 1.1.1.1 0.0.0.0 arcaO 

Rlfconfig-routcr^int loO 

Rl fconfig-if)rrip ospf network point-to-point 

Note the following command is required since Rl is the hub. 

Rl (config)^ interface Serial 0/0 

Rl fconfig-if)rrip ospf network broadcast 

R 1 fc o n fig- if )#ip o sp f p rio rity 25 5 

On R2 

R2(config)#routcrospf I 

R2i;config-routcr)#nctw 10. 1. 1.2 0.0.0.0 area 
R2(config-routcr)#nctw 2.2.2.2 0.0.0.0 area 
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R2(config-routcr)#int loO 

R2(config-if)#ip QSpf network point-to-point 

On K3 

R3 [c o n figure ut cr o sp f I 
R3iconfig-routcr)nnctw 10. 1.1.3 0.0.0.0 area 
R3(config-routcr)#nctw 3.3.3.3 0.0.0.0 area 

R 3 (c o n fig-ro u tcr)#in t loO 

R3(eonfig-if)#ip ospf network point-to-point 

On R4 

R4 ( 'c o n fig )?t ro lifer u sp f 1 

R4(config-routcr)#nctw 10.1.1.4 0.0.0.0 area 
R4(config-routcr)#nctw 4.4.4.4 0.0.0.0 area 

R4 (c o n fig-ro u t cr)#in t loO 

R4 icon fig- if)frip ospf network point-to-point 

Note the following command is required so the spokes will NOT participate in DR.'BDR 
election: it also changes the network type to BROADCAST. 

On R2. R3 and R4 

( config)# interface SerialO'O 
feonlig-if)rrip ospf network broadcast 
(conlig-if)#ip ospf priority 

Tu verify the confiif uratiun: 



On Rl 



Rl^Sh ip ospf neighbor 



Neighbor ID 

3.3.3.3 
4.4.4.4 



Pri State Dead Time Address 

FULL/DROTHER 00:00:32 10. 1. 1.2 

FULL/DROTHER 00:00:33 10.1.1.3 

FULL/DROTHER 00:00:31 10.1.1.4 



Interface 
ScrialO/0 
ScrialO/0 
ScrialO/0 



Rlf*Sh ip route ospf 
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2.0.0.0'S [110 65J via 10.1.1.2, 00:01:51, ScrialO/0 






3, CXO.0.8 [HO 65J via 1 0. 1.1. 3, 00:0 1 :5 1 , ScrialO/0 






4.0.0.0 8 [110/65] via 10.1.1.4, 00:01:51, ScrialO/0 






On R2 






R2#Show ip route uspf 






1 . 0. 0.0/8 [ 1 10/65] via 1 0. 1 . 1 . 1 , 00:02:29, ScrialO/0 






3.0.0.0 8 [1 10'65] via 10. 1.1.3, 00:02:29, ScrialO/0 






4.0.0.0 8 [110.65] via 10.1.1.4. 00:02:29, ScrialO/0 






On R.3 Note the next hop was NOT changed 






■/.In si like the previous lab 






R 3** S h o w i p ro ut c a sp f y^ / 






1.0.0.0/8 [110/65] via 10.1.1.1, 0&#3l09, SohalO/0 






2.0.0.0/8 [ 1 10/65] via 10. 1 .1 .2,1fo:03:09, SfcrialO/0 






4. 0. .0/8 [ 1 1 0/6 5 ] via 1 . 1 . 1 . 4, 00 : 3 :0 9/Scrial0/0 






On R4 / 






R4#Show ip route ospl" / 






1 . 0. 0.0/8 [ 1 1 0/65] via 10.1.1. £00:03:46, ScrialO/0 






O 2.0.0.0/8 [ 110/65] via 10. 1.1.2, 00:03:46, ScrialO/0 






3.0.0.0/8 [ 1 10/65] via 10. 1 .1 .3, 0(3:03:46, ScrialO/0 






Note Once again the next hop IP address is pointing to the router that advertised the 






route, in this ease the frame-relay solution from the previous lab can also be used as the 






solution to this problem, but remember that the "broadcast'" keyword should NOT be 






used when configuring the "Frame-relay map" statements on the spokes pointing to the 






frame-relay interface IP address of the wilier spokes. 




Task 2 


Erase the startup configuration and reload the routers before proceeding to the next lab. 
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Lab 14 - OSPF Point-to-Point Networks 



/ 



\ 



s 



/ 



Lrtl 10.1.14-4.24- 



AS 

S0n041 




Area 




t 



SttO.12 -::-1-12-1.f24 
SQ0.13 -C.1.1i1.'24 

SO.0.14 -::.1.14-1.'24 




N 



\ 



\ 



\ 



\ 



/ 



1U.1UM ggai L 



10.1.13.3/24 90/0.31 

Leil _ 





Lab Setup: 

> Configure Rl as the huh and R2. R3 and R4 as spokes. 

> Configure all routers in a Frame-relay Point-to-Point manner. 

> Use the IP addressing chart below tor IP assignment. 



II* addressing: 



CCIE R&<* bv Narbik Kucharians 



Advanced CCIE R&S Wurk Book 2.0 

C 2009 Nvbik Kucha riani. All rij|hti reierv«l 



Page 582 of 1068 



Router 


Interface; IP address 


DLCl, Router 


Rl 


SO/0.12 =10.1.12.1 ,24 

SO/0.13 = 10.1.13.1 ;24 
SO ,0.14 =10.1.14.1 ,24 
LoopbackO =1.1.1.1/8 


102,' 112 
103/R3 
1 04 R4 


R2 


SO 0.2! = 10.1.12.2 24 
LoopbackO =2.222/8 


201 Rl 


R3 


SO/0.31 = 10.1.133/24 
LoopbackO = 3 J. 3.3 8 


301 /Rl 


R4 


SO 0.41 = 10.1.14.4 24 
LoopbackO =4.4.4.4 /8 


401 Rl 



Task 1 

Conf-guru OSPF on a'.', routers and ad". ltLsu ihex d : tj ^ L '. j. connuL'tcd xiIltILijjs :n Area 0. 
Ensure that loopback interface of these routers arc advertised with their correct mask. 
You should use the OSPF "Point -to -Point** network type to accomplish this task. 



On Rl 

R 1 (con fig- if)#ro utcr ospf 1 
Rl (con%-routcr)#nctw 1.1.1.1 0.0.0.0 area 
Rl i;config-routcr)*nctw 1 0.1. 12. 1 0.0.0.0 area 
Rli;config-routcr)#nctw 10.1.13.1 0.0.0.0 area 
R I i;config-routcr)#nctw 1 0. 1 . 14. 1 0.0.0.0 area 

R 1 ( c. o n fig-ro a t cr)#in t loO 

Rl (eonfig-if)#ip ospf network point-to-point 

On R2 

R2(config)#routcrospf 1 
R2i;config-router)#nctw 22.22 0.0.0.0 area 
R2i;config-routcr)#nctw 10.1.12.2 0.0.0.0 arcaO 

R2(c onfig-rou tcr)#int loO 

R2(config-if)#ip ospf network point-to-point 
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On R3 

R3(eonfig)#routcrospf I 
R3(eonfig-routcr)ri ! nctw 3.3.3.3 0.0.0.0 arcaO 
R3(config-routcr)#nctw 1 0. 1. 13.3 0.0.0.0 area 

R3 ( c o n fig-ro Liter)" in t loO 

R3(eonfig-if)#ip ospf network point-to-point 

On R4 

R4(eonfig)#routcrospf I 
R4i;eonfig-routcr)#nctw 4.4.4.4 0.0.0.0 area 
R4i;eonfig-router)#nctw 10.1, 14.4 0.0.0.0 area 

R4 (e o n fig-r o u t cr)#in t k*0 

R4(eonfig-if)#ip ospf network point-to-point 

To verify the configuration: 

On HI 

R l~Show ip route ospf 

2.0.0.0 8 [110 65] via 10.1.12.2,00:02:33, ScrialO/0.12 
3.0.0.0 8 [110 65] via 10.1.13.3, (X):02:33, ScrialO/0.13 
4.0.0.0,8 [110.65] via 10.1.14.4, 00:0233, Scrial0V0.14 

On R2 

R2#Show ip route ospf 

1.0.0.08 [110/65] via 10.1.12.1, 00:03:07, ScrialO/0.21 
3.0.0.0 8 [110 129] via 10.1.12.1, 00:03:07, ScrialO/0.21 
4.0.0.0 8 [110. 129] via 10.1.12.1, 00:03:07, ScrialO/0.21 

10.0.0.0.24 is subnet ted, 3 subnets 
10. 1.14.0 |110/128] via 10.1.12.1, 00:03:07, ScrialO/0.21 
O 10. 1 .1 3.0 [110/128] via 10. 1.12.1, (K):03:07, ScrialO/0.2 1 

On R3 

R3rrSho\v ip route ospf 
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1.0.0.0 8 [110 '65] via 10.1.13.1, 00:04:15, ScrialO/0.31 
10.0.0.8 LI 10 129J via 10.1.13.1, 00:04:15, ScrialQ/0.31 
4.0.0.0 8 [I10/129J via 10.1.13.1, 00:04:15, ScrialO.0.31 

10.0 .0 . 0/24 i s sli bn ctt cd, 3 sub nets 
10. 1.14.0 [110/128] via 1 0. 1.1 3.1 , 00:04: 1 5, ScriaK)/0.31 
10.1.12.0 [110/128] via 10. 1.13.1, 00:04: 15, ScrialO/0.31 

On K4 

R4"Sho\v ip route ospf 

1.0.0.0/8 [ 1 10/65] via 10. 1 .14.1 , 00:05:04, ScrialO/0.4 1 
2.0.0.0/8 [110/129] via 10.1.14.1, 00:05:04, ScrialO/0.41 
3.0.0.0/8 [110/129] via 10.1.14.1, 00:05304, Scrial0/0.41 

10.0.0.0/24 is subnet ted, 3 subnets 
10. 1.13.0 [110/128] via 10. 1. 14.1, 00:05:04, SerialO/0.41 
10.1.12.0 [110/128] via 10. 1.14.1, 00:05:04, ScrialO/0.41 

Note the next hop is changed, this is because of OSPF network type, in OSPF Point- 
to- Point network type, the next hop IP address is no longer the router that 
originated the route, it's the muter that advertised the route. 



Task 2 

Erase the startup configuration and reload the routers before proceeding to the next lab. 
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Lab IS - OSPF Puint-tu-Miiltipoint Nctworks-I 
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L.ali Si-tuu: 



> Configure Rl as the huh and R2. R3 and R4 as spokes. 

> Configure all routers in a Frame-relay Multipoint manner. DC) NOT configure 
sub- interface's on any of the mutcrs. Use the "broadcast" keyword when 
configuring the "Frame- re! ay map 1 ' statements. 

P Use the IP addressing chart below for IP assignment. 
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II* ad rins sing: 



Router 


Interface / IP address 


Rl 


SO = 10.1.1.1 .24 
LoopbackO =1.1.1.1 '8 


R2 


90/0 = 10.1.1.2 24 
LoopbackO = 2.2,2.2, '8 


R3 


90/0 = 10.1.1.3/24 
LoopbackO =3 3 3 3/8 


R4 


SO = 10.1.1.4,24 
LoopbackO = 4.4.4.4 /8 



I ask I 

Configure OSPF on all routers and advertise their directly connected interlaces in Area 0. 
Ensure that loopback intcria.ee of these routers arc advertised with their correct mask. 
You should use OSPF BROADCAST network type to accomplish this task. 



On Rl 

Rl (con fig- if)#ro Liter ospf 1 

R 1 (config-rou tcr)#nctw 1.1.1.1 0.0. 0. area 

Rli;config-routcr)#nctw 10.1.1.1 0.0.0.0 area 

Rl (c o nfig-ro Liter )#int loO 

R I (config-if)#ip ospf network point-to-point 

Rl (config-router)#int SO/0 
Rlfconfig-ilVip ospf network Broadcast 

On R2 

R2(config)#routcrospf 1 
R2i;config-routcr)#nctw 2.2.22 0.0.0.0 arcaO 
R2i;config-routcr)*nctw 10.1.1.2 0.0.0.0 area 

R2 ( c o n fig -r o u tcr)#in t loO 

R2(config-if)#ip ospf network point-to-point 
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R2(c on fig-ro u tcr)#int SO/0 






R2(config-if)#ip QSpf network Bi 


"oadcast 




On R3 






R3(config)#routcr ospf I 






R3(COiifig-rOiiter)#netw 3.3.3.3 0.0.0.0 area 




R3i;config-routcr)#nctw 10. 1. 1.3 


0.0.0.0 area 





R 3 (con fig-ro utcr)#int loO 






R3(config-if)#ip ospf network point-to-point 




R 3 (c o n fig-ro u tcr)#in t SO/0 






R3(config-if)#ip ospf network Broadcast 




(Jn k4 






R4 (c o n fig J#fO u tcr o sp f 1 






R4 (con fig-ro utcr)#nctw 4.4.4.4 0.0.0.0 area 




R4 fc o n fig-ro Liter)* net w 10.1.1.4 0.0.0.0 area 





R4(config-roLiter)#int loO 






R4(config-if)#ip ospf network pc 


in t-to- point 




R4 (c o n fig-ro u tcr)#in t SO/0 






R4(config-if)#ip ospf network Bi 


-oadcast 




To verify the configuration: 




On kl 






Rl^Sh ip route ospf 






2.0.0.0:8 [ 1 10/65] vk 10. 1.1 


2, 00:00:46, 


SerialO/0 


O 3.0.0.0.8 [110 6Sj via 10. 1.1 


.3,00:00:46, 


ScrialO/0 


4.0.0.0/8 [ 1 1 .0/65] via 10.1.1 .4, 00:00:46, 


ScrialO/0 


On R2 






R 2** Show ip route ospf 






1.0.0.0 8 [11065] via 10.1.1 


1,00:01:07, 


ScrialO/0 


3.0.0.0 8 [110 65] via 10.1.1 


.3,00:01:07, 


ScrialO/0 


4.0.0.0 8 | 110 65' via 10. I.I 


.4, 00:01:07, 


ScrialO/0 
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On K3 

R3#Shcnv ip route ospf 

1 . 0. .0/8 [ 1 1 0/65 J via H). I.I. K 00:0 1:15, ScrialO/0 
O 2.0.0.0 8 [110 '65 J via 10. 1.1.2, 00:01:15, ScrialO/0 
4.0.0.0 8 LI 1 65J via 10. 1.1.4, 00:01:1 5, ScrialO/0 

On K4 

R4r*Show ip route ospf 

1 . 0. .0/8 [ 1 1 0/6 5 J via 1 . 1 . 1 . 1 , 00 :0 1 0.2 , ScrialO/0 
2.0.0.0/8 [110/65] via 10.1.1.2, 00:01:22, ScriaW/0 
3, 0. .0/8 [ 1 1 0/6 5 J via 1 . 1 . 1 . 3, 00 : 1 :22 , ScriaW/O 



Task 2 

Ensure that the routers have rcae Inability to every Loopback interlace advertised in OSPF 
routing protocol, DC) NOT use the "Frame-relay map" command or any global 
configuration command as part of the solution to accomplish this task. 



On All Routers: 

(config)#int sO.'O 

(conlig-it)#ip ospf net point-to-multipoint 

To verify the configuration: 

On R2 

R2"Sho\v Ip route ospf 

1.0.0.0 8 LH0/65J via 10. 1.1.1, 00:00:51, ScrialO/0 

3.0.0.0/8 [110/129] via 10.1.1.1,00:00:51, ScrialO/0 

O 4.0.0.0/8 [110/129] via 10.1.1.1, 00:00:51, ScrialO/0 

1 0.0.0.0/8 is variably subnetted, 4 subnets, 2 masks 
() 10.1.1.3/32 1110/1281 via 10.1.1.1, 00:00:51, Serial0/0 
O 10.1.1.1/32 1 110/641 via 10.1.1.1, 00:00:51, SerialO 
() 10.1.1.4/32 1110/1281 via 10.1.1.1, 00:00:51, SerialO 
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On K3 

R3f*Sho\v ip route ospt' 

I . ft .0/8 [ 1 1 0/6 5 J via 1 . 1 . 1 . 1 , 00 : :5 7 , ScrialO/0 

10.0.08 [110/129] via 10.1.1.1,00:00:57, ScrialO/0 

4.0.0.0 8 [110/129 J via 10.1.1.1, 00:00:57, ScrialO/0 

1 0.0.0.0/8 is variably subnetted, 4 subnets, 2 masks 
() 1 D. 1. 1.2/32 1 1 1 0/ 1 281 via 1 0.1.1.1, 00:00:57, SerialO/0 
() 1 0. 1.1. 1/32 1 1 1 0/641 via 1 0. 1.1.1, 00:00: 57, SerialO'O 
() 10.1.1.4/32 [110/123] via 10.1.1.1, 00:00:57, SerialO 

On R4 

R4frSho\v ip route ospf 

1.0.0.0/8 [110/65] via 10. 1.1.1, QD:0l306, ScrialO/0 

2.0.0.0/8 [ 1 10/129] via 10. 1.1.1, 00:0 1 :06, ScrialO/0 

10.0.0/8 [ 1 10/129] via 10.1.1.1, 00:0 1 :06, ScrialO/0 

10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks 
() 10.1.1.2/32 (110/1281 via 10.1.1.1, 00:01:06, SerialO 
10.1.1.3/32 1110/1281 via 10.1.1.1, 00:01:06, SerialO/ 
() 10.1.1.1/32 1110/641 via 10.1.1.1, 00:01:06, SerialO' 

Note OSPF Point-to-Multipoint network type creates a host route for the IP address 
of all the interfaces connected to the frame-relay cloud, and because of this 
behavior, the spoke routers can mm have NLRI to all the other spoke routers, and 
the next hop IP address of the advertised prefixes is set based on the advertising 
router and NOT the router that originated the route, unless the advertising and the 
originator of the mute happens to be the same router. 

To Test the configuration: 



On R2 

R2*Ping 3.3.3.3 

Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echos to 3.3.3.3, timeout is 2 seconds: 



Success rate is 100 percent (5/5), round-trip min/avg'max = 1 12/113/1 17 ms 
R2#Ping 4.4.4.4 
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Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 4.4.4.4, timeout is 2 seconds: 

| MM 








Success rate is 100 percent (5/5), round-trip min/avg'max = 1 12/114/124 ms 








On R3 








R33Piiig 2.2.2.2 








Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 2.2.2.2. timeout is 2 seconds: 

1 M M 








Success rate is 100 percent (5/5), round-trip min/avg'max = 1 12/114/120 ms 








R3#Ping 4A4.4 








Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 4.4.4.4, timeout is 2 seconds: 

(MM 








Success rate is 100 percent (S'5>, round- trip min/avgmax = 112/1 13/1 17 ms 








On R4 








R4#Piny 2.2.2. "> 








Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 2.2.22, timeout is 2 seconds: 

( M M 








Success rate is 100 percent (5/5), round-trip min/avg'max = 1 12' 113/1 17 ms 








R4#Ping 3.3.3.3 








Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 3.3.3.3, timeout is 2 seconds: 

1 M M 








Success rate is 100 percent (5/5), round-trip min/avg'max = 1 12/113/1 16 ms 






Task 3 




Erase the startup configuration and reload the routers before proceeding to the next lab. 
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Lab 16-OSPF Point-to-Multipoint Nctworks-II 
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Lab Setup: 



> Configure R 1 as the hub and R2. R3 as spokes. 

> Configure all routers in a Frame- relay Multipoint manner. EX) NOT configure 
sub- interface's. 

> FO/0 interface of R3 and R4 should be configured in VLAN 34. 

> These routers should use the "broadcast" keyword when configuring the "Frame- 
relay map" statements. 

> Use the IP addressing chart below tor IP assignment. 



IP addressing: 



Router 


Interface / IP address 


Rl 


SO/0 =10.1.1.1 /24 
LoopbackO =1.1.1.1 '8 


R2 


SO/0 = 10.1.1.2 '24 
Loop hat Id) = 2.2.2.2 /8 


R3 


SO = 10.1.1.3/24 
FOG = 10 ,7?3/74 
LoopbackO = 3.3.3.3/8 


R4 


FO/0 =10.2.2.4 '24 
LoopbackO = 4.4.4.4 '8 



I ask 1 

Configure OSPF on all routers and advertise their directly connected interfaces in Area. 0. 
Ensure that loopback interlace of these routers arc advertised with their correct mask. 
Ensure that the OSPF BROADCAST network type is configured on the OSPF enabled 
interfaces except the loopbacks. 



On All Routers 

(config-if)#int loO 

(conlig-itVip ospf net point-to-point 
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On R2 and K3 

(conlig)#int sO/0 
(config-iiVip ospf priority 
(config-if)#ip ospf net broadcast 

On Rl 



R 1 (c o n fig)#ro titer o sp f I 

R 1 (config-rou tcr)#nctw 1 . 1 . 1 . 1 . 0. 0. arc 

R] i;config-routcr)#nctw 1 0. 1. 1. 1 0.0.0.0 area 

Rli;config)#intsO/0 

Rl (config-if)#ip ospf priority 255 

On R2 

R2 f c o n fig)#ro Liter o sp f 1 
R2i;conf]g-routcr)#nctw 2.2.22 0.0.0.0 area 
R2(config-routcr)#nctw 10.1.1.2 0.0.0.0 arc 

On R3 

R 3 (eonfig)#ro Liter ospf 1 
R3i;config-routcr)#nctw 3.3.3.3 0.0.0.0 arc 
R3(config.routcr)#nct\v 10.2.2.3 0.0.0.0 arcO 
R3(config-routcr)#nctw 1 0. 1. 1.3 0.0.0.0 arc 

On R4 

R4(config)nro utcr ospf 1 
R4(config-roLitcr')#nctw 4.4.4.4 0.0.0.0 arc 
R4(config-routcr)#nctw 10.2.2.4 0.0.0.0 arc 



To verity the configuration: 



On Rl 

Rl#Sh ip route ospf 

O 2.0.0.0/8 [ 110/65] via 10.1.1.2, 00:00305, ScrialO/0 
3. 0.0 .0/8 [ 1 1 0/6 5] via 10. 1.13, 00 : :0 5 , ScrialO '0 
10.0.0.0 24 is subnet ted. 2 subnets 
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10.2.2.0 [ 110/65] via 10.1 .1.3, 00:00:05, ScrialO/0 

On R2 

R-^Sh ip route ospf 

O 1 .0.0 m [ 1 1 0/6 5 J via 1 . 1 . 1 . 1 , DO :0 :34 , ScrialO/0 
3. ft 0.0 8 [ 1 1 0. 65] via 1 0. 1 . 1 . 3, 0(3:00:34, ScrialO/0 
Q 4.0.0.0/8 [110/66] via 10. 1.1.3, 00:0034, ScrialO/0 

10.0.0.024 is subletted, 2 subnets 
10.2.2.0 [110/65] via 10.1. 1.3, 00:00:34, ScrialO/0 

On R3 

I^Sh ip route ospf 

O 1 .0.0 .0/8 [ 1 1 0/6 5 J via 1 . 1 . 1 . 1 , 00 : :0 5 , ScrialO/0 
2.0.0.0/8 [ 110/65] via 1 0. 1.1.2, 0(3:00:05, ScrialO/0 
O 4.0.0.0/8 [ 1 10/2 J via 10.2.2.4, 00:00:05, FastEtbcrnctO/0 

On K4 

R4#Sh ip route ospf 

1.0.0.0 8 L 1 1 66. \ :a 1 0.2.2.3, 00: 13:48, FastEthcrnctO/0 
2.0.0.0/8 [110/66] via 10.22.3, 00:13:48, FastEthcrnctO 
3.0.0.0/8 [110/2] via 10.2.2.3, 00:13:48, FastEthcmctO/0 

10.0.0.0 24 is subletted, 2 subnets 
10. 1.1.0 [110/65] via 102.2.3, (X): 13:48, FastEthcrnctO/0 



Task 2 

Ensure that these routers ean Ping every loopback interface advertised in this routing 
domain. DO NOT use Frame-relay map,, static routes, run PPP on the interfaces or any 
global configuration command as part of the solution to accomplish this task. 



On Rl. K2 and R3 

(config^intSO/O 

(config-il)#ip ospf network point-to-multipoint 
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On K3 and K4 

(coniig)#intF0 

(config-itV^ip ospf network point-to-multipoint 



lo vL'ritv thi' configuration: 



On Kl 

Rl^Sh ip route ospf 

O 2.0*0.0/8 [1 10 "65] via 1 0, 1 . 1 .2, 00:02:07, ScrialO/0 

10.0.0.8 LI 1 65J via 10. 1.1.3, 0(3:02:07, ScrialO/0 

4.0.0.0/8 [ 110/66J via 1 0. 1 . 1 . 3, 00:02:07, ScrialO/0 
10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks 

10. 1 .1 2/32 [1 10/64 J via 10. 1. 1 .2, 00:02:07, ScrialO/0 

10.22.3/32 [1 10/64] via 1 0. 1. 1 .3, 00:02:07, ScrialO/0 

10. 1.1.3/32 [110/64] via 1 0. 1. 1 .3, 00:02:07, ScrialO/0 

10.22.4/32 [1 10/65 J via 1 0.1. 1 .3, 00:02:07, ScrialO/0 

On K2 

R2*Sh ip route ospf 

1.0.0.0 8 [110 '65] via 10.1.1.1, 00:01:40, ScrialO/0 

3. 0. 0.0. 8 [ 1 1 0: 1 29] via 1 0. 1 . 1 . 1 , 00:0 1 :40, ScrialO/0 

4. 0. .0/8 [ 1 1 0/1 30] via 10.1.1.1, 00:0 1 :40, ScrialO/0 

10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks 

Q 10.22.3/32 [110/128] via 10.1.1.1, 00:01:40, ScrialO'O 

10. 1.1.3 32 [110/128] via 10.1. 1.1, 00:01 :40, ScrialO/0 

1 0. 1.1.1 .'32 [ 1 10/64] via 10.1.1.1, 00:0 1 :40, ScrialO/0 

Q 1 0.22.4/32 [1 10/129] via 10.1.1.1, 00:0 1 :40, ScrialO'O 

On K3 

R3#Sh ip route ospf 

1. 0.0.0 8 [1 1 65] via 10. 1.1. 1, 00:0 1 :! 9, ScrialO/0 

2.0.0.0 .8 [110. 129] via 10.1.1.1, 00:01:19, ScrialO/0 

4.0.0.0/8 [ 1 10/2] via 102.2.4, 00:0 1: 1 9, FastEtbcrnctO/0 

10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks 
Q 1 0. 1 . 1 2/32 [ 1 1 0/128] via 1 0. 1.1.1, G0:0 1:19, ScrialO'O 
10. 1.1.1/32 [110/64] via 10.1.1.1, 00:01:19, ScrialO'O 
O 1 0. 2.2.4 32 1 1 1 1 ; via 1 0.2.2.4, 00:0 1 : 1 9, FastEthcrnctO 
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On K4 

R4#Sh ip route ospf " 

1.0.0 .0/8 [ 1 1 0/6 6 J via ] .2 2 . 3, 00 :00 :40 , FastEthcrnctO/ 

20.0.0.8 [110/130] via 10.2.2.3, 00:00:40, FastEthcrnctO 

3.0.0.0/8 [ 1 10/2 J via 10.2.2.3, 00:00:40, FastEtbcrnctO 

10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks 
10.1.12/32 [110/129] via 102.2.3, 00:00:40, FastEthcrnctO 
10.22.3/32 [110/1] via 10.22.3, 00:00:40, FastEthcrnctO/0 
1 ft 1 . 1 .3/32 [110/1] via 10.2.2.3, 00:00:40, FastEthcrnctO 
10. 1.1.1/32 [110/65] via 10.2.2.3, 00:00:40, FastEthcrnctO 

10 test the configuration: 



On R2 

R2#Piijg 3.3.3.3 

Type escape sequence to abort. 

Sending 5, 100-bytclCMP Echosto 3.3.3.3, timeout is 2 seconds: 

MMI 

Success rate is 10(1 percent (5/5), round-trip min/avg'max = 1 12/116/124 ms 

R2sPing 4.4.4.4 

Type escape sequence to abort. 

Sending 5, 100 -byte 1CMP Echos to 4.4.4.4, timeout is 2 seconds: 



Success rate is 100 percent (5/5), round-trip min/avg'max = 1 12/116/124 ms 

On K3 

R3#Ping 222.2 

T>pc escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echos to 22.2.2, timeout is 2 seconds: 



Success rate is 100 percent (5/5), round-trip min/avg'max = 1 12/114/124 ms 

On R4 

R4#Pine I.I.I. I 
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Type escape sequence to abort. 












Sending 5 , lOO-bytc ICMP Echo s to 


1.1. 


.1* 


timeout is 2 seconds: 




| MM 












Success rate is 10(1 percent (5/5), n. 


und- 


i.r.p 


min/avg'max = 


56/58/61 


ms 


R4#Ping 2.2.2.2 












Type escape sequence to abort. 












Sending 5, 100-bytc ICMP Eehosto 


?■)"!"! 


timeout is 2 seconds: 




( M M 












Success rate is 100 percent (5*5), rt 


und- 


tnp 


min/avg'max = 


112 '114.' 


116ms 



Task 3 

Erase the startup configuration and reload the routers before proceeding to the next lab. 
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Lab 17- OSPF Point-to-Multipoint NON- 
BROADCAST Networks 
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Lab Setup: 

> Configure Rl as the hub and R2, and R3 as spokes. 

> Configure all routers in a Frame-relay Multipoint manner. DC) NOT configure 
sub- interfaces on any of the routers. Use the "broadcast 1 ' keyword when 
configuring the "frame-relay map" statements. 

> Configure the FO/O interlace of R2 S R3 and R4 in VLAN 234 

> Use the IP addressing chart below for IP assignment. 

IP illicit -L'ssinij: 



Router 


Interface / IP a ci dress 


Rl 


SO = 1 0. 1 . 1 . 1 24 
LoopbackO = 1. 1.1.1/8 


R2 


SO/0 = 10.1.1.2/24 
F0 = 10.1.234.2/24 


R3 


SO = 10.1.1.3/24 
F0 = 10.1234.3/24 


R4 


LoopbackO = 4.4.4.4 S 
F0/0= 10.1.234.4/24 



I ask 1 

Configure OSPF on all routers and advertise their directly connected interlaces in Area 0. 
You should use OSPF BROADCAST network type on the frame-relay interfaces to 
accomplish this task. 
Ensure that loopback interface of R I and R4 arc advertised with their correct mask. 



On Rl 

Rl (config-if)frroLitcr ospf I 

Rl (config-routcr)*nctw 1.1.1.1 0.0.0.0 arcaO 

Rli;config-routcr)#nctw 10.1.1.1 0.0.0.0 area 
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Rl(config-roiitcr)#int loO 

Rlfeonfig-if)#ip QSpf network point-to-point 

Rl (c o n fig-ro liter)* in t SO/0 

Rl (config-if)#ip ospf network Broadcast 

Rl(config-ii>ip ospf Priority 255 

On R2 

R2(config)#routcrospf 1 

R2 (con fig-ro utcr)#nctw 10.1. 1.2 0.0.0.0 area 

R2 icon fig-ro utcr)#nctw 10.1.234.2 0.0.0.0 area 

R2(config-roLitcr)#int S0/0 
R2(config-if)#ip ospf network Broadcast 
R2(config-if)#ip ospf Priority 

On R3 

R 3 (c o n fig )# ro titer sp f I 

R3(config-routcr)#nctw 10.1. 1.3 0.0.0.0 area 
R3 icon fig-ro utcr)#nctw 10. 1.234.3 0.0.0.0 area 

R 3 ( c o n fig-ro u tcr)#in t S0/0 
R3fconfig-if)#ip ospf network Broadcast 
R 3 (c o n fig- if)#ip ospf P rio r i t y 

On R4 

R4 (c o n fig)#ro u tcr o sp f I 

R4 (c o n fig-ro u ter)#netw 4 . 4. 4 .4 . 0. 0. area 

R4(config-routcr)#nctw 10.1.234.4 0.0.0.0 arcaO 

R4 (con fig-ro utcr)#int loO 

R4(config-if)#ip ospf" network point-to-point 

To verify the configuration: 

On Kl 

Rl^sh ip route ospf 

4.0.0.0:8 [110/66] via 10. 1.1.3, 0(3:00:21, SerialO/0 
1 1 1 66 J via 1 0. 1 . 1 .2, 00: 00:2 1 , SerialO/0 
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10.0.0.0. 24 is subletted, 2 subnets 
10. 12340 [110/65] via 1 0. 1 . 1 3, 00:00:2 1 , ScrialO/0 
[ 1 10/65] via 10.1 J 2, 00:00:2 1 , ScrialO/0 

On R2 

R2frSho\v ip route uspf 

1.0.0.0/8 [110/65] via 10.1. 1.1, 00:01:52, ScrialO/0 

4.0.0.0/8 [110/2] via 10.1.234.4, 00:01:52, FastEtbcrnctO/0 

On 1^3 

R3r*Show ip route ospl' 

i . 0. 0.0 8 [ 1 1 0/65] via 1 0. 1 . 1 . i , 00:00:08, ScrialO/0 

( ) 4. ft 0.0.8 [11 0/2 ] via 1 . 1 .234 .4 , 00 : :0 8 , Fas tE t hcrnctO/0 

On R4 

R4~Show ip route ospf 

1.0.0.0/8 [ 1 10 66] via 10. 1 .234.3, 00:00:1 9, FastEthcrnctO 
[110/66] via 10.1.234.2, 00:00:19, FastEthcrnctO/0 
1 0.0.0.0 24 is subnet ted, 2 subnets 
LOl 1.1 .0 [ 1 1 0/65] via 10. 1 .234.3, 00:00: 1 9, FastEthcrnctO/0 
[1 10/65] via 10.1234.2, 00:00:19, FastEthcrnctO/0 



Task 2 

R2 has a fram c- relay eir of 64Kbps and R3 has a frame-relay cir of 128Kbps, ensure that 
Rl traverses through R2 to get to the networks down stream to R2 and R3, Rl should 
ONLY traverse through R3 if R2 is down. DO NOT use PBR to accomplish this task. 



Note both R2 and R3 are advertising a cost ofl (Ref = 100, 000,000 bps/ Bandwidth 
= 100,000,000 bps) for network 4.0.0.0 8, Rl adds its cost of 64 through the Frame- 
relay interlace (Ref = 100,000,000 / Bandwidth = 1,544,000 bps) to the cost that is 
advertised to it by these two routers, as a result of that, Rl performs equal cost load 
balancing, remember R2 or R3"s frame-relay cost is NOT calculated. 

One possible method of dealing with this scenario is to configure Rl's frame-relay 
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interface with OSPF Point-to-Multipuint Non-Broadcast network type, this network 
tvpe allows Rl to associate a cost to each of it's downstream neighbors, the neighbor 
with a lower cost will he chosen as the best route. 

Remember in order for 2 OSPF routers to exchange mutes the network types must 
match, hut there are 2 exceptions to this rule and they are as follows: 

1 . A Point-to-Multipoint 4"^ Point-to-Point 

2. A Broadcast ^^ Non-broadcast 

In this case the first option is exercised as follows: 
On Rl 

Rl(config)#intSa'D 

Rl ieonfig-if)#ip ospf network point-to-multipoint non-broadcast 

The following command changes the OSPF hello-interval to match R2 and R3*i 
hello-interval 

R 1 (c o n fig- iiy i p o sp f hello - in tcrval 1 

Rl (config-if)#routcr ospf 1 

R 1 [c o n fig-ro u t cr )# ncighbo r 1 . 1 . 1 . 2 c o st I 

Rl (con fig-rout cr)#ncighbor 10.1 . 1.3 cost 2 

The following command changes the network type of R2 and R3 to point-to-point. 

On R2 and R3 

(CMfig)#mt SGfl 

( c o nl ig- i t)#i p o sp f net wo rk p o in t - to - po i nt 

To verify the configuration: 

On Rl 

R l^Shcnv ip route ospf 

O 4.0.(1.0/8 [110/3| via 10.1.1.2, 00:00:21, Seria 10. 

10.0.0.G'24 issubnetted 2 subnets 
O 10.1.234.0 1110/21 via 10.1.1.2, 00:00:21, SerialO/0 
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Task 3 

Erase the startup configuration and reload the routers before proceeding to the next lab. 
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Lab 18 
OSPF and NBMA 




Lab Setup: 

> R 1 should be configured with three sub- interfaces; the first sub-interface should 
be configured in a point-to-point manner connecting Rl to R2. R2 should not use 
a sub-interface for this connection. 

> The second and the third sub-interface of Rl should be configured in a multipoint 
manner, one connecting Rl to R3 and the other one connecting Rl to R4. 

> R3 should be configured in a point-to-point manner. 

> R4 should NOT use a sub-intcriacc for it's coniiLVLon to R 1. 
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II* Ad dressing: 



Router 


Interface 


IP address 


Area 


Rl 


LoO 


1.1.1.1 .8 


Area 




SO .0.12 


10.1.12.1 ,'24 


Area 2 




SOU 13 


10.1.13.1 .'24 


Area 3 




SO/0. 14 


10.1.14.1 24 


Area 4 


R2 


LoO 


2.2.12 ;s 


Anea 2 




SO/0 


10.1.12.2/24 


Area 2 


R3 


LoO 


T T T T iO 

5*3* J* J . O 


Area 3 




SO. 0.31 


10.1.13.3 24 


Area 3 


R4 


LoO 


4.4.4.4 .'8 


Anea 4 




Sii'li 


10.1.14.4 '24 


Area 4 



Task 1 



kl should bf the l)k in all I'ases. it' one- is required. 



Configure OSPF on all routers and advertise their directly connected networks in their 



assigned area identified in the IP addressing chart. 



On kl 

R 1 fc o n fig )#ro u t cr o sp f 1 

Rli;eonfig-router)#nct\v 1 0. 1. 12. 1 0.0.0.0 arc 2 
Rl(config-routcr)#nct\y 10.1.13.1 0.0.0.0 arc 3 
Rli;config-routcr)#nctw 10.1.14.1 0.0.0.0 arc 4 
Rl(config-routcr)#nctw 1.1.1.1 0.0.0.0 arc 

On K2 

R2(config)r#routcrospl' I 
R2iconfig-routcr)^nct\v 0.0.0.0 0.0.0.0 area 2 

On R3 

R 3 ( c o n fig )n ro u t cr o sp f I 
R3i;config-routcr)#nct\v 0.0.0.0 0.0.0.0 area 3 

On R4 
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R4(config-if)#routcr ospf ] 

R4(config-rou tcr)#nctw 0. 0. 0.0 . 0. 0. area 4 



Task 2 

Ensure that when the routers in area 2 attempt to establish a neighbor adjacency they arc 
successful (FULL STATE), but no routes arc exchanged. DC) NOT configure R2 to 
accomplish this task. 



On kl 

Rl(config)#im S0A.12 

Rl (config-subif)#ip ospf network point-to-multipoint non-broadcast 

R 1 (c o n figjfrro liter o sp f 1 

R 1 (config-rou tcr)#ncighbor 10.1.12.2 

To vL'fit'v tliL- confix untti on: 

On kl 

RlnShow ip ospf neighbor 

Neighbor ID Pri State Dead Time Address Interface 

2.2.2.2 FULL/ - 00:01:49 10.1.12.2 SerialO/0.12 

33.3.3 FULL/ - 00:00:38 10.1.13.3 SerialO/0.13 

Rl^Show ip route 

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP 

D - E1GRP, EX -E1GRP external, O - OSPF, IA - OSPF inter area 
XI - OSPF NSSA external type I , N2 - OSPF NSSA external type 2 
El - OSPF external type 1, E2 - OSPF external type 2 
i - 1S-1S, su - 1S-1S summary, LI - 1S-1S level- 1,*L2 - IS-IS levcl-2 
ia - IS-IS inter area. * - candidate default, U - pcr-uscr static route 

o - ODR, P -periodic downloaded static route 

Gateway of last resort is not set 

C 1 .0. 0. 0/8 is d ircctly connected, LoopbackO 
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c 


10. 1.14.0 


s directly 


connected, 


ScrialuVO. 


14 
















C 


10.1.12.0 


s directly 


connected. 


SeriftUVO. 


12 
















c 


10. 1.13.0 


s directly 


connected. 


ScrialO/0. 


13 
















Note 


the two routers are 


in Full stal 


e hut they have not 


ex than 


ged 


niu 


tes. 
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s can 


also be accomp 


ished with "point-to 


-multipo 


int" 


netwo 


rk type 













Task 3 

Ensure that the routers in area 2 can establish an OSPF neighbor adjacency. R2 should 
not be configured at all to accomplish this task. 



On kl 

Rl(config)#intSO/O.I2 

Rl (config-subif)#ip ospf network non- broadcast 

Rl(config-subif)#ip ospf priority 255 

Rl (config)#ro titer ospf I 

R 1 (config-rou tcr ^neighbor 10.1. 12.2 

Note the "ip ospf priority'" command is required to make Rl the DR. When frame- 
relay is configured directly under the physical interface (Multipoint), the OSPF 
network type \>ill default to non-broadcast. In this task the network type of Rl's 
interface sO/0.12 is also changed to non-broadcast to match R2"s network type. In 
non-broadcast networks the "neighbor'" command in router config mode must be 
configured so the OSPF hello packets are exchanged via Unicast. 

To Verify the configuration: 



On kl 

R l-Show ip route 

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP 

D - E1GRP, EX -E1GRP external, O - OSPF, 1A - OSPF inter area 
XI - OSPF NSSA external type I , N2 - OSPF NSSA external type 2 
El - OSPF external type 1 , E2 - OSPF external type 2 
l - IS-1S, su - 1S-1S summary, LI - 1S-1S lcvcl-l,*L2 - 1S-1S levcl-2 
;a ■ IS- IS inter area, * - candidate default, L" • per- user static route 
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o - ODR, P - periodic downloaded static route 

Gateway of last resort is not set 

C 1.0 .0 . 0/8 i s d i rcc t ly co n n cc ted , Loo p b ac kO 
2.0.0.0/32 is sub netted, 1 subnets 

O 2.2.2.2 1110/651 via 10.1.12.2, 00:00:08, SerialO/0.12 

10.1.0.0 24 is subnet ted 3 subnets 
C 1 0. 1 . 14.0 is d ircctly connected, Scrial0/0. 14 
C 1 0. 1 . 1 2.fl is d ircctly connected, ScrialO/0. 12 
C 10. 1.13.0 isdircctlv connected. ScrialG'0. 13 



Task 4 

Area 3 should be configured in a point-to-point network type, only one of the routers 
should be changed to accomplish this task. 



On Kl 



Rli;config)#intSO.O.I3 

R 1 fc o n fig-s ub if)#ip o sp f net po in t-to - no i nt 



In the earlier IDS releases when an interface' was changed from "non-broadcast" to 
"point-to-point'" we had to change the hello interval as well, because if the hello 
intervals did not match, the routers did not form neighbor adjacency. In the latest 
I OS releases the hello intervals automatically change when the network type is 

changed. 

To verify the configuration: 



On Kl 

R If* Show ip route 

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP 

D - E1GRP, EX - E1GRP external, O - OSPF, 1A - OSPF inter area 
M - OSPF XSSA external type 1 , N"2 - OSPF XSSA external type 2 
El - OSPF external type 1, E2 - OSPF external type 2 
i - IS-1S, su - 1S-1S summary, LI - 1S-1S level- 1, L2 - 1S-1S lcvcl-2 
ia - IS- IS inter area, * - candidate default, U - per- user static route 
o - ODR, P - periodic downloaded static route 



COE R&!s by Narblk kuchurians Ad* uiced CC1E R&S Work Book 2.11 Pqge 609afl068 

£ 20(19 NarbikKocharianx All rij|hU rcirrvwl 











Gateway of last resort is not set 

C 1 .0.0. 0/8 is directly connected, LoopbackO 

2.0.0.0/32 is subnetted, 1 subnets 
2.222 [110/65] via 1 0.1. 12.2,00:04:1 1, ScrialO'0.12 

3.0.0.0/32 is sub netted, 1 subnets 
3.3.3 J 1110/651 via 10.1.13.3, 00:01:26, SerialO 0.13 

10. 1.0.0' 24 is subnet ted 3 subnets 
C 1 0. 1 . 14.0 is d ircctly connected, Scrial0/0. 14 
C 10. 1.12.0 is directly connected, Scrial0/0. 12 
C 10. 1.13.0 is directly connected, ScrialG'O. 13 






I ask 5 

Area 4 should be configured with a totally different network type than task 2, 3 and 4. 
DC) NOT use point-to-multipoint to accomplish this task. 






On kl 

Rli;eonfig)#intS0 0.14 

R 1 ( c o n fig-s ub if)#ip o sp f net b ro adc ast 

Rl (con fig-s ubif)#ip ospf priority 255 

On k4 

R4(config.if)#int S0/0 
R4(config-if)#ip ospf net broadcast 

To verify the eonfimuration: 

On kl 

RI~Show ip route 

Codes: C - connected, S - static, R - RIP, M - mobile, B - BOP 

D - E1GRP, EX - E 1GRP external, O - OSPF, 1 A - OSPF inter area 
Nl - OSPF XSSA external type 1, N2 - OSPF NSSA external type 2 
El - OSPF external type 1 , E2 - OSPF external type 2 
i - IS-IS, su - IS-IS summary, LI - IS-1S level- I ,"L2 - 1S-1S lcvcl-2 
ia - IS-IS inter area. * - candidate default, U - per- user static route 
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o - ODR. P -periodic downloaded static route 
Gateway of last resort is not set 

C LOO. 0/8 i s d i roc t ly co n n cc ted , Loo p b ac kO 

2.0.0.0/32 is subnetted, ! subnets 
2.22.2 [110/65] via 10.1. 12.2, {30: 10:54, ScrialO/0. 12 

3.0.0.0.32 is subnetted, 1 subnets 
3.3.3.3 [HO/65] via 10.1.13.3,(30:08:08, Scrial0/0. 13 

4.0.0.0/32 is sub netted, 1 subnets 
() 4.4.4.4 1110/651 via 10.1.14.4, 00:00:01, SeriaWO.14 

10.1.0.0/24 is subnet ted, 3 subnets 
C 1 0. 1 . 1 4.0 is d ircctly connected, Scrial0/0. 14 
C 10. 1 .12.0 is directly connected, ScrialO/0. 12 
C 10. 1.13.0 is directly connected, ScrialO'O. 13 






I ask 6 

Remove the priority command from Rl 's S0/0. 1 2 and set the network type to "point-to - 
multipoint non-broadcast". Ensure that these routers exchange routes. Do NOT change 
the network type to accomplish this task. 






On Rl 

Rl(config)#intS0/0.!2 

R!(config-subif)#NO ip ospl* priority 255 

Rl (config-subif)#ip ospf network point-to-multipoint non-broadcast 

Rl(config)#lntcrfacc Tunnel 1 

Rl (config-iftttp address 200. 1 . 12. 1 255.255.255.0 

Rl (config-if)r#tunncl so urcc 10. 1. 1 2. 1 

Rl (config-iiytunncl destination 10. 1. 12.2 

R! (config-iiVroutcr ospf 1 

Rl(COnfig-router)#NO nctw 1 0.1 . 12.1 0.0.0.0 area 2 

Rlfconfig-routcrJ^nctw 200.1.12.1 0.0.0.0 arcaO 

The reason to remove the network 10.1.12.0 from OSPF is to prevent recursive 

loops. 

On R2 




cc 
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R2(config)#]ntcrfacc Tunnel 1 
R2(config-it>ip address 200. 1. 12.2 255.255.255.0 
R2(config-il>tunncl so urcc ! 0. 1. 1 2.2 
R2(config-if)#tunncl destination 10. 1. 12. 1 

R2(config-if)#routcr ospl" 1 
R2(CQnfig-rautcr)#NO nctw 0.0.0.0 0.0.0.0 area 2 
R2 fc o n fig-ro u tcr)#nctw 200.1.12.2 0. 0. . area 
R2(config-routcr)#nctw 2.2.22 0.0.0.0 area 2 

Note on R2 we must remove the earlier network statement ( 0.0.0.0 0.0.0.0 area 2) oi 
else all the interlaces will he advertised in area 2 and this is not the desired 
behavior. Lastly we must advertise network 2.0. 0.(1 in area 2. 

To verify the confiuuratiun: 

i n 

On K2 

R2f*Show ip route 

Codes: C - connected, S - static, R - RIP, M - mobile, B - BOP 

D - E1GRP, EX - E 1GRP external O - OSPF, 1 A - OSPF inter area 
XI - OSPF NSSA external type I , N2 - OSPF N'SSA external type 2 
El - OSPF external type 1, E2 - OSPF external t>pc2 
i - 1S-1S, Su - 1S-1S summary, LI - 1S-IS level -1,*L2 - IS-1S lcvcl-2 
ia - IS- IS inter area. * - candidate default, L' - per- user static route 
o - ODR, P - periodic downloaded static route 

Gateway of last resort is not set 

() 1.0.0.0/8 |11 0.'l 11 121 via 200.1.12.1, 00:00:11, Tunnell 

C 2.0.0.0'8 is directly connected, LoopbackO 

O IA 3.0.0.0/8 [110/1 1 176] via200.1.12. 1, 00:00:05, Tunnell 

4.0.0.0/32 is subnetted, 1 subnets 
O 1 A 4.4.4.4 [110/1 1 1 76 J via 200. 1 . 12. 1, 00:00: 1 1 , Tunnel 1 
C 200. 1.1 2.0/24 is directly connected, Tunnell 

10.1.0. Q'24 is subnetted, 3 subnets 
OlA 10.1. 14.0 [110/1 11 75J via 200. 1.12.1, 00:00: 11, Tunnell 
C 1 0. 1 . 1 2.0 is directly connected, Scrial0/0 

OlA 10.1.13.0 [1 10/111 75J via 200. 1.12.1,00:00:12, 

Note the reason network 1.0.0.0 shows up as an Intra- area route is because R2 has 
an interface in area and network 1.0.0.0 is from area 0. 
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On Kl 

R1#Show ip route 

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP 

D - EIGRP, EX - E 1GRP external, - OSPF, 1 A - OSPF inter area 
XI - OSPF NSSA external type I , N2 - OSPF XSSA externa! type 2 
El - OSPF external type 1, E2 - OSPF external type 2 
i - IS-1S, su - IS-IS summary, LI - 1S-1S lcvcl.l,'l_2 - IS-IS lcvcl-2 
ia - IS-IS inter area, * - candidate default, L" - per- user static route 
o - ODR. P - periodic downloaded static route 

Gateway of last resort is not set 

C 1.0.0.0/8 is directly connected, LoopbackO 
() I A 2.0.0.0/8 1110/111121 via 200.1 J 2.2, 00:02:33, Tunnel 1 
3.0. 0.0/8 [1 10/65] via 10. 1 . 1 3.3, 00:02:43, ScrialO'0. 1 3 
4.0.0.0/8 [1 10/65] via 10.1.14.4, 00:02:33, ScrialO/0.14 
C 200. 1. 12.0/24 is directly connected, Tunncll 

1 0. 1 .0.0/24 is sLibnettcd, 3 subnets 
C 1 0. 1 . 14.0 is directly connected, ScrialQ'0. 14 
C 1 0. 1 . 1 2.0 is d ircctly connected, ScrialO/'0. 12 
C 1 0. 1 . 1 3.0 is d ircctly connected, ScrialO/'0. 1 3 

The reason network 2.0.0.0 Shows up as an Inter-area route is because the Ideal 
router (Rl) does not have an interface in area 2. 



Task 7 

Erase the startup conlig and reload the routers be lore proceeding to the next lab. 
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Lab 19 
Forward Address Si 
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Lab Setup: 

> Every frame-relay connection should be configured in a Point- to -Point manner 

> Use the IP addressing scheme below for IP address assignment: 

> Configure the FO/0 interface of Rl and R2 in VL AN 1 2 and the FO/1 interlace of 
R2 and R3 in VLAN 23; FO/0 interlace of R4, R5 and R6 should be configured in 
VLAN 4, 5 and 6 respectively. 

IP addressing: 



Router 


Interface/ IP address. 


DLC1 


Connecting to 


Rl 


SO 0.12 = 200.1.12.1 .24 
Lo0= 1.1.1.1/8 


102 


R2 


R2 


Fflrtl = 200.1.12.2/24 




Rl 




FU/1 =200.1.23.2/24 




R3 




I.oO = 2.2.2.2 A) 






R3 


F0 = 200. 1.23.3 24 




R2 




SO 0.34 = 200.1.34.3/24 


304 


R4 




SO 0.35 =200, 1.35.3/74 


305 


R5 




SO 0.36 = 200.1.36.3 24 


306 


R6 




Lo0 = 3.3.3.3/8 






R4 


SO/0.43 = 200.134.4/24 
FU/0 = 4.4.4.4 * 


403 


R3 


R5 


SO 0.53 = 200.1.35.5 24 
FQ0 = 5.5.5.5/8 


503 


R3 


R6 


S0'0.63 = 200. 1.36.6 '24 
FOCI = 6,6,6.6 '8 


603 


R3 



Task I 

Configure OSPF Area on Rl, R2 and advertise their directly connected interlaces in 
this Area. 



On Rl and K2 

(config!i#routcrospf 1 
i;eonfig-rautcr)#nctw 0.0.0.0 0.0.0.0 area 

To verifv the confimiratiun: 
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On kl 

RlftSh ip route ospf 

2.0.0. Q 32 is subnetted, I subnets 
2.222 [110/65] via 200.1. 12.2, 00:00:0 1 , ScrialO 0. 12 
O 20 0.1. 23 . 0' 24 [ 1 1 ■ 1 2 8 1 v ia 2 00 . 1 . 1 2 .2 , 00 : :0 1 , ScrialQ'O . 1 2 



Task 2 

Configure R3 ! s Loopbaek interface and its frame-relay connection to R4, R5 and R6 in 
Area 1, and it's Framc-rclav connection to R2 in Area 0. 



On R3 

R3(config)#ro utcr ospf* I 
R3i;config-routcr)#nct\v 3.3.3.3 0.0.0.0 area 1 
R3(con%-routcr)#nct\v 200. 1 .34 
R3(oonfig-router)#netw 200.1 .35 
R3i;config-routcr)#nctw 200.1 .36 
R3 (c o n fig-ro u tcrj^nctw 200.123 



3 0.0.0.0 area 1 
3 0.0.0.0 area 1 
3 0.0.0.0 area 1 
3 0.0.0.0 arcaO 



To verify the configuration: 

On K3 

R3n ! Sh ip route ospf 

1 .0.0.0 32 is subnetted, I subnets 
1.1.1.1 [110/846] \ia200. 1.23.2, 00:00:58, ScrialO/1.32 

2.0.0. 0/32 is subnetted, I subnets 
O 2222 [110/782] via200. 1 .23.2, 00:00:58, ScrialO/1.32 
O 200. 1 . 12.Q'24 [ 1 10/8451 via 200. 1 23.2, 00:00:58, ScriaUVI.32 

On kl 



Rl#Sh ip route ospf 

2.0.0.0/32 is subnetted, I subnets 
O 2.2.2.2 [IIP 65; via 200. 1.12.2, 00:02:05, ScrialO 0. 12 
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IA 200. 1.36.0 24 [110/909] via 200. 1.1 2.2, 00:02:05, ScrialO'0.12 
200. 1.23.0/24 [110/128J via 200. 1.12.2, 00:02:05, Scrial0/0.12 

3.0.0.0/32 is subncttcd, I subnets. 
1 A 3.3.3.3 [110/129 J via 200. 1.122, 00:02:05, ScrialG''0.12 
IA 200. 1.34.0/24 [110/909] via200. 1.12.2, 00:02:05, ScrialO/0.12 
IA 200. 1.35.0 24 [110/909] via 200. 1.12.2, 00:02:05, ScrialO/0.12 



Task 3 

Configure the Frame-relay connection of R4, R5 and R6 to R3 in Area 1. These routers 
should redistribute their F0/0 interface in OSPF routing protocol, you should NOT use an 
access-list or a prefix-list to accomplish this task. 



On R4 

R4(config)#routcrospf I 
R4(config-routcr)#nctw200.1.34.4 0.0.0.0 area 1 

On R5 

R5(config)#routcrospf 1 
R5(config-routcr)#nctw 200.1.35.5 0.0.0.0 area 1 

On R6 

R6 (c o n fig)#ro u t cr o sp f 1 
R6iconfig-routcr)#nct\v 200.1 .36.6 0.0.0.0 area 1 

On R4. R5 and R6 

fconfig.Wroutc-map TST permit 10 
(config-routc-map)nmatch interface F0 

(config)#routcrospf I 

( co n±ig-ro utcr) ^redistribute connected route-map TST subnets 



To verify the configuration: 



On Rl 
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Rl*Sh ip route QSpf 

2.0.0.0. 32 is subnettcd, I subnets 
2.222 [110/65] via 200.1. 12.2, 00:12:37, ScrialM). 12 
1A 200. 1.36.Q24 [110/909] via 200. 1.1 2.2, 00:12:37, ScrialO/0.12 
200. 1.23. 0/24 [110/128] via 200. 1.122, 00:12:37, ScrialM). 12 

3.0.0.0 32 is subnettcd, I subnets 
1A 3.3.3.3 [110/129] vk 200. 1.122, 00:12:37, ScrialO/0. 12 
E2 4.0.0.0/8 [110/20] via 200. 1.1 2.2, 00:03:39, ScrialO/0.12 
1A 200.1.34.0/24 [110/909] via 200. 1.12.2, 00:12:37, ScrialO/0.12 
E2 5.0.0.0/8 [110/20 J via 200. 1.12.2, 00:00:14, Scrialfl/0.12 
1A 200. 1.35.0/24 [110/909] \ia200. 1.12.2, 00:12:37, ScrialO/0.12 
E2 6.0.0.0.8 [110/20 J via 200. 1.12.2, 00:0 1:29, ScrialO/0.12 






Task 4 

Configure Area 1 as a N'SS A. 






On R3. R4. \15 and R6 

(configWro Liter ospf 1 
feonfig-routcr)r*arca 1 nssa 

To verily the configuration: 

On R3 

R3irSh ip route ospf 

1.0.0.0 32 is subnettcd, 1 subnets 
1.1 .1.1 [ 1 10/846] via200. 1 .23.2, 00:0 1 :30, ScrialQi .32 

2.0.0.0/32 is subnettcd, 1 subnets 
2222 [110/782] via 200. 1.23.2, 00:01:30, ScrialQi.32 
() N2 4.0. 0.0/8 (110/201 via 200.1.34.4, 00:00:35, SerialO/1.34 
\2 5.0.0.0/8 (110/201 via 200.1 J5..5, 00:00:35, SerialO/1.35 
() \2 6.0.0.0/8 (110/201 via 200.1. 36..6, 00:00:35, Serial0/1.36 
200. 1 . 1 2.Q'24 [ 1 10/845] via 200. 1 .23.2, 00:0 1 :30, ScrialGi .32 

On Rl 

Rl^Sh ip route ospf 
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2.0.0.0/32 is subnetted, I subnets 
2.222 [1 10/65] via 200. 1. 12.2, 00:02:37, ScriaUm 12 
1 A 200. 1 .36.0 24 [1 1 0/909 j via200. 1.12.2, 00:02:37, ScrialO/0.12 
200. 1.23.0/24 [110/128] via 200. 1.1 2.2, 00:02:37, Serial QUO 

3.0.0.0 32 is subnetted, I subnets 
1A 3.3.3.3 [110/129] via 200. 1.122, 00:02:37, ScrialQ'0.12 
O E2 4.0.0.0/8 (110/201 via 200.1.12.2, 00:02:01, StrialO/0.12 
1A 200. 1.34.024 [110/909] via200. 1.12.2, 00:02:37, ScrialO/0.12 
O E2 5.0.0.0/8 1110/201 via 200.1.12.2, 00:01:51, SerialO/0.12 
1A 200. 1.35.0/24 [11 0/909 J via200. 1.12.2, 00:02:37, ScrialO/0.12 
O E2 6.0.0.0/8 1110/201 via 200.1.12.2, 00:01:41, SerialO/0.1 2 

On R2 

R2#Sh ip route ospl ' 

1.0.0.0 32 is subnetted, 1 subnets 
1.1.1.1 [110/65] via 200.1. 12.1, 00:04:01, ScrialO'0. 21 
O 1 A 200. 1 .36.0 24 [1 1 0/845] via200. 1 .23.3, 00:04:0 1 , Serial0/023 

3.0.0.0 32 is subnetted, I subnets 
O 1A 3.3.3.3 [110/65] via 200. 1.23.3, 00:04:01, ScrialO/023 
E2 4.0.0.0/8 (110/201 via 200.1.23.3, 00:03:25, St! ri a 10/ 0.23 
1A 200. 1.34.0/24 [110/845] via200. 1.23.3, 00:04:01, Scrial0/0 2 3 
O E2 5.0.0.0/8 |110/201 via 200.1.23.3, 00:03: 15, Serial0/0.23 
O 1A 200. 1.35.0 24 [110/845] via200. 123.3, 00:04:01, ScrialO/0. 2 3 
O E2 6.0.0.0/8 (110/201 via 200.1.23.3, 00:03:05, St! ri a 10/ 0.23 



Task 5 

Configure R3 to filter the following networks: 
200. 1.34.0 (24. 200.1.35.0 .'24 and 200.1.36.0 ,'24 



On K3 

R3(eonfig)#routcrospf I 

R3(con%-routcr)*area 1 range 200.134.0 255.255.255.0 not-advertise 
R3(conflg-routcr)#area 1 range 200.135.0 255.255.255.0 nol-advertise 
R3(config-routcr)#area 1 range 200.136.0 255.255.255.0 nut-advertise 

To verify the configuration: 
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On R2 

R2n ! Sh ap route ospf 

1.0.0.0/32 is subnetted, I subnets 
M.l.l [IKtffiS] via 200.1. 12. 1, 00:0 1:47, ScrialO/0.21 

3 .0.0.0/32 is subnetted, 1 subnets 
1 A 3. 3. 3.3 [ 1 10/65] via 200. 1 .23.3, 00:0 1 :47, ScrialO/023 

On Rl 

Rl?*Sh ip route ospf 

2.0.0.0/32 is subnetted, 1 subnets 
2.222 [110/65 J via 200. 1.12.2, 00:03:02, ScrialO/0. 12 
O 200.1.23.0/24 [110/128] via 200. 1.122, 00:03:02, ScrialO/0.12 

3.0.0.0 32 is subnetted, 1 subnets 
IA 3.3.3.3 [110/129] via 200. 1. 12.2, 00:03:02, ScrialO/0. 12 

Note the routers in Area no longer have reachability to the prefixes from Area 1. 






Task 6 

Configure R3 such that the routers in Area can reach the networks that were 
redistributed in step 3. Use minimum number of commands to accomplish this task: you 
should NOT use any global con fig commands as part of the solution to this task. DO 
NOT remove the commands from the previous step. 








On R3 

R 3 (c o n fig )# ro u t cr o sp f 1 

R3(config-routcr)? i area 1 nssa translate type" suppress-la 

To verify the configuration: 

On R2 

R2#Sh ip route ospf 

1.0.0.0 32 is subnetted, 1 subnets 
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l.l.l.l [110/65] via 200.1. 12. 1, 00:07:29, ScrialO'O 21 

3.0.0.0. 32 is subncttcd, I subnets 
1A 3.3.3.3 [110/65] via 200. 1.23.3, 00:07:29, ScrialO/0.23 
() E2 4.0.0.0/8 1110/201 via 200.1.23.3, 00:00:41, SerialO/0.23 
O E2 5.0.0.0/8 1110/20] via 200.1.23.3, 00:00:41, SerialO/0.23 
O E2 6.0.0.0/8 |110/20] via 200.1.23.3, 00:00:41, SerialO/0.23 

On Rl 

RlrrShow ip route ospt' 

2.0.0.0/32 is subncttcd, 1 subnets 
2.222 [110. 65] via 200. 1.12.2, 00:08:03, ScrialO/0. 12 
200. 1.23.024 [110/128] via 200. 1.122, 00:08:03, ScrialO'O. 12 

3.0.0.0.32 is subncttcd, 1 subnets 
Q1A 3. 3.3.3 [110/ 129] via 200. 1.122, 00:08:03, ScrialO'O. 12 
() E2 4.0.0.0/8 |110/20] via 200.1.12.2, 00:01:15, SerialO/0.12 
O E2 5.0.0.0/8 |110/201 via 200.1.12.2, 00:01: 15, SerialO/0.12 
O E2 6.0.0.0/8 (110/201 via 200.1.12.2, 00:01:15, SerialO/0.12 

To test the configuration: 

On Rl 

Riff Ping 3.3.3.3 

Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echos to 3.3.3.3, timeout is 2 seconds: 



Success rate is 100 percent (5'5), round-trip min/avg'max = 1 12/113/1 16 ms 

RlffPing 4.4.4.4 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 4.4.4.4, timeout is 2 seconds: 

(MM 

Success rate is 100 percent (5/5), round-trip min/avg'max = 168/171/173 ms 
RlflPing 5.5.5.5 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 5.5.5.5, timeout is 2 seconds: 



Success rate is 100 percent (5/5), round-trip min/avg'max = 168/170/173 ms 
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The OSPF Forwarding Address Suppression in Translated Type-5 LSAs feature 
causes an NSSA ABR to translate IApe-" I.SAs to Type-5 LSAs, bill use the 
(1.0.(1.(1 as the fon>arding address instead of that specified in the Type- 7 LSA. 
Note if the "Area 1 translate type? sup press- fa'" command and the filters were 
removed, this \\\\\ he the output of the "Show ip ospf data external 4.0.(1.0" 

Rl*Sh ip ospfdata external 4.0.0.0 

OSPF Router with ID (1.1.1.1) (Process ID 1) 

Typc-5 AS External Link States 

Routing Bit Set on this LSA 
LS age: 7 

Options: (No TOS -cap ability, DC) 
LS Type: AS External Link 

Link State ID: 4.0.0.0 (External Network Number ) 
Advertising Router: 3.3.3.3 -*-^_^ 

LS Scq Number: 80000003 This is the muter that advertised the 

Checksum: 0xF5A8 network to the loeal router 

Length: 36 
Network Mask: /8 Note the address is not suppressed. 

Metric Type: 2 (Larger than any link state path!-- Basically the IP address 

TOS: ._---""" of the that originated the 

Metric: 20 a-""""^ route 

F orw a rd Ad d re ss : 2 00 . 1 .34 . 4 

External Route Tag: 

After the filters are applied and the "Area 1 nssa translate type? suppress- fa" 

command is configured, the output of the "Show ip ospf da ext 4.0.0.0" will he 
changed asfolhms: 

R1*Sh ip ospf data external 4.0.0.0 

OSPF Router with ID (1 . 1 . 1. 1) (Process ID 1 ) 

Typc-5 AS External Link States 



Routing Bit Set on this LSA 
LS age: 293 

Options: (No TOS -cap ability, DC) 

LS Type: AS External Link . Note the advertising router is still in the DB 

Link State ID: 4.0.0.0 (Exty:«aT"Nctwork Number ) 
Advertising Router: 33.3.3 
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LS Scq Number: 80000002 

Checksum: 0x5738 

Length: 36 The IP addivss of the router (hat originated the 

Network Mask: /8 route is suppressed. 

Metric Type: 2 (Larger than any link state path) 

TOS: 

Metric: 20 

Forward Address: 0.0.0.0 

External Route Tag: 



L IUU1I ,**' ' 

if 



Because the IP address of the router that originated the route's are suppressed, 
area routers no longer need to maintain extra prefixes in their routing table. 

On R2 

R2"Sh ip route ospf 

1.0.0.0/32 is subnetted, 1 subnets 
Q 1. 1 . i . i L 1 1 65; via 200.1 . 12. 1, 00:07:29, ScrialO/021 

3.0.0.0 32 is subnetted. I subnets 
1A 3.3.3.3 [110/65] via 200. 1.23.3, 00:07:29, SeriaK)/023 
O E2 4.0.0.0/8 |110.'201 via 200.1.23.3, 00:00:41, SerialO/0.23 
O E2 5.0.0.0/8 1110/20] via 200.1.23.3, 00:00:41, SerialO/0.23 
t) E2 6.0.0.0/8 I110/20] via 200.1.23.3, 00:00:41, Serial0/0.23 

On Rl 



R [#ShCTOf ip route ospf 

2.0.0.0/32 is subnetted, 1 subnets 
2.222 [ 1 10/65 J via 200. 1 . 12.2, 00:08:03, ScrialO/0. 12 
O 200. 1.23.0 24 [110/128] via 200. 1.122, 00:08:03, Serial0AM2 

3.0.0.0.32 is subnetted, 1 subnets 
O 1A 3.3.3.3 [110 129] via 200. 1.122, 00:08:03, ScrialO/0.12 
O E2 4.0.0.0/8 |110/201 via 200.1.12.2, 00:01: 15, SerialO/0.12 
() E2 5.0.0.0/8 1110/201 via 200.1.12.2, 00:01:15, SerialO/0.12 
C) E2 6.0.0.0/8 (110/201 via 200.1.12.2, 00:01: 15, SerialO/0.12 

Note the backbone routers no longer need to maintain the extra prefixes for the 
links, but they have full reachability to the prefixes that were redistributed. 
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Task 7 

Erase the startup DOnfig and reload the routers before proceeding to the next lab. 
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Lab Setup: 

> Configure all frame-relay connections in a point-to-point manner. 

> L'sc the IP addressing and DLC1 chart below. 



II* a licit "cssing: 



Router 


Interface IP address* 


DLC1 


assignment 


Rl 


F0 = 10.1.12.1 /24 
LoopbackO =1.1.1.1 '8 






R2 


FO'O =10.1.12.2 '24 
F0 1 =10.1.23.2/24 

LoopbackO =2.2.2.2 '8 






R3 


Ft) 1 =10.1.23.3/24 








SO 0.34 = 10.1.34.3/24 


304 






SO/0.35 = LOl 1353/24 


305 






LoopbackO =3.3.3.3/8 








Loopbackl =33.3.3.3/8 






R4 


SO/0.43 = 10.1.34.4 -'24 
LoopbackO =4.4.4.4 '8 


403 




R5 


SO 0.53 =10 1 m 24 
LoopbackO = 5.5.5.5/8 


503 





Task I 



Configure OSPF on the routers based on the following chart: 



Router 


Interface / Area 


Ri 


SO 0.12 /Art; a 
LoopbackO Area 


R2 


SO/ 0.21 /Area 
SO/0.23 /Area 
LoopbackO / Area 


R3 


SO. 0.32 Area 
SO/0. 34 /Area 1 
SO/0.35,' Area! 


R4 


SO.' 0. 43 / Area 1 
LoopbackO Area 1 


R5 


SO 0.53 Area 2 

LoopbackO Area 2 
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On kl 

Rl (eon fig- if)#ro Liter ospf 1 

R 1 (config-rou tcr)#nct\v 1.1.1.1 . 0. 0. arc 

Rli;config-rautcr)f*nctw 10.1.12.1 0.0.0.0 arcO 

On R2 

R2(eonfig)#roLitcrospf" I 
R2(L'C3n fig-ro Litcr)#nctw 2.2.2.2 0.0.0.0 arc 
R2i;eonfig-roLitcr)#nctw 10. 1. 12.2 0.0.0.0 arc 
R2i;config.rautcr)#nct\v 1 0. 1.23.2 0.0.0.0 arc 

On K3 

R3 (e o n fig)#ro liter a spf I 

R3(config-routcr)#nctw 1 0. 1.23.3 0.0.0.0 area D 
R3i;config-routcr)f#nctw 10.1.34.3 0.0.0.0 area 1 
R3(eonfig-roLiter)#nctw 10. 1.35.3 0.0.0.0 area 2 

On K4 

R4 (c o n fig)#ro u tcr o sp f 1 

R4 (eon fig-ro Litcr)#nct\v 10.1.34.4 0.0.0.0 area 1 

R4 (e o n fig-ro u ter)#netw 4 . 4. 4 .4 . 0. 0. area 1 

On K5 

R5(config)#routcrospf I 

R5 (e o n fig-ro u tcr)#nctw 5 . 5. 5 . 5 . 0. 0. area 2 

R5(config-routcr)#nct\v 10. 1.35.5 0.0.0.0 area 2 



1 'n verify the configuration: 



On HI 

R 1 frS ho w i p ro ut c o sp i' 1 nc 

2.2.2.2 [1 10/65] via 10.1.12.2,00:05:31, ScrialO'O. 12 

1A 4.4.4.4 [110/193] via 10.1.12.2, Oft 03:49, Scrial0/0.12 

1A 5.5.5.5 [110/193] via 10.1 .12.2, 00:02:31, Scrial0/0.12 

( ) 1 ft 1 2 3. [11 0/ 128J via 10. 1.12.2, 00: 05:31, ScriaKl'O . 1 2 
O 1A 10.1.35.0 [110/1 92J via 10.1.12.2, 00:05:21, ScrialO/0.12 
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IA 10.1.34.0 [110/192] via 10.1.12.2, 00:05:31, ScrialO/0.12 

On R2 

R2#Show ip route ospf lnc O 

1.1.1.1 LHO 65J via 10.1.12. 1, (X):06:22, ScrialOO.21 

IA 4.4.4.4 [110/129] via 10.1.23.3, 00:04:40, ScrialO/023 

IA 5.5.5.5 [110/129] via 10.123.3,00:03:22, Scria»0/023 

IA 10.1.35.0 [110/128] via 10.1.23.3, 00:06: 12, ScrialO/0.23 

IA 10.1.34.0 [110/128] via 10.1.23.3,00:06:22, ScrialO/0.23 

On R3 

R 3 a S h o w j p r o ut c o sp f 1 nc 

1 . 1 . 1 . 1 L II 0/ 129] via 1 . 1 .23 .2, 00 : 7 : 00 , Scr iaIQ-'0 . 32 

2.222 [110/65] via 10.1232,00:07:00, ScrialO'0.32 

4.4.4.4 [110 '65] via 10.1.34.4, 00:05:28, ScrialO/0.34 

5.5.5.5 [110/65] via 10.1.35.5,00:04:10, ScrialO'0.35 

10.1.12.0 [110/128] via 10.1232,00:07:00, ScrialO 0.32 

On K4 

R4#Show ip route ospf lnc 

O IA 1 . 1 . 1 . 1 [ 1 1 0; 1 93 j via 1 0. 1 .34.3, 00: 06: 1 8, ScrialO/043 

O IA 2.2.2.2 [110 129] via 10.1.34.3, 00:06:18, SeriaH]/'0.43 

IA 5.5.5.5 [110/129] via 10.1.34.3, 00:05:00, ScrialO/043 

IA 10.1.12.0 [110/192] via 10.1.34.3, 00:06:18, Serial 0/0. 43 

O IA 10.123.0 [110/128] via 10.1.34.3,00:06:18, SerialO/0.43 

IA 10.1.35.0 [110/128] via 10.1.34.3, 00:06:18, ScrialO/0.43 

On \15 

R5*Sho\v ip route ospf lnc 

QIA I. 1. 1. 1 [110. 193] via 10.1.35.3, 00:06:02, ScriaH3/0.53 

IA 2.2.2.2 [110/129] via 10.1.35.3,00:06:02, ScriaH)/0.53 

IA 4.4.4.4 [110/129] via 10.1.35.3, 00:06:02, ScrialQ/0.53 

O IA 10.1.12.0 [110/192] via 10.1.35.3, 00:06:02, SerialO/0.53 

IA 10.123.0 [110/128] via 10.1.35.3, 00:06:02, ScrialO/0.53 

IA 10.1.34.0 [110/128] via 10.1.35.3,1X1:06:02, ScrialO/0.53 
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Task 2 

Configure R3 to redistribute its Loopback and 1 interfaces into this OSPF routing 
domain. 



On K3 

R3 fc o n fig )# route- map TST permit 10 
R3(config-routc-map)#match interface loO lol 

R3 ( c o n fig )P r o ut cr o sp f 1 

R3(config-routcr)# redistribute connected subnets route-map TST 

To verify the configuration: 

On Rj 

Rl#Show ip route ospf Inc E2 

E2 33.0.0.0 8 [110 20] via 10. 1. 12.2, 00:01:10, ScrialO/0.12 
O E2 3.0.0.0/8 [110/20 J via 10.1. 12.2, 00:01:10, SerialO'0.12 

On R5 

R5"Sho\v ip route ospf Inc E2 

E2 33.0.0.0/8 [110/20] via 10.1.35.3, 00:02:09, ScrialO/0.53 
E2 3.0.0.0 8 |1 10/20] via 10.1.35.3, 00:02:09, ScrialO/0.53 



Task 3 

Configure area I and area 2 as XSSA. R3 should be configured such that the routers in 
these two areas get a default route, this default route should be injected as an external 
route. 



On K3 

R3 (c o n fig)# Ro u t cr o sp f I 

R3fconfig-routcr)r*area 1 nssa delauU-information-oriyinate 

R3(config-routcr)ftarea 2 nssa del'ault-information-ori^inate 
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On K4 

R4 (c o n fig)#ro u t cr o sp t" 1 
R4(config-routcr)r*arca 1 nssa 

On R5 

R5(config)#routcrospf 1 

R 5 [C o n fig-ro u t cr)#ar ca 2 as sa 



To verify tht 1 configuration: 



On R4 

R4#Show ip route ospl" Inc 

O 1 A I . I . I . I [ 1 1 0. 1 93] via 1 0. 1 .34.3, 00:05:05, ScrialO/0.43 
O IA 2.2.2.2 [110,129] via 10.1.34.3, 00:05:05, ScrialO/0.43 
O N2 33.0.0.0/8 [110/20] via 10.1.34.3, 00:04:55, ScrialO/0.43 
N2 3.0.0.0/8 [110/20] via 10. 1 .34.3, 00:04:55, ScrialQ.''0.43 
O IA 5.5.5.5 [110 129] via 10. 1 .34.3, 00:05:01, ScrialG/0.43 
IA 10.1.12.0 [110. 192] via 10.1.34.3, 00:05:05, ScrialO'0.43 
O IA 10.1.23.0 [110/128] via 10.1.34.3, 00:05:05, ScrialO/0.43 
IA 1 0. 1 .35.0 [110/128] via 10.1.34.3,00:05:05, ScrialO/0.43 
0*\2 0.0.0.0/0 [110/1] via 10.1.34.3, 00:04:55, ScrialO/0.43 

Note the default route is injected as an external mute. 

On K5 

R5#Show ip route ospf Inc 

O IA 1 . 1 . 1 . 1 [ 1 1 0; 1 93] via 1 0. 1 .35.3, 00:07: 1 4, ScrialO/0.53 
IA 2.2.2.2 [110/129] via 10.1.35.3, 00:07:14, ScrialO/0.53 
N2 33.0.0.0/8 [110/20] via 10.1.35.3, 00:07:14, ScrialO'0.53 
0X23. 0. . 0/8 [ 1 1 0/20 j v ia 1 . 1 . 3 5 .3 , 00:0 7 : 1 4 , SerialO/0 . 5 3 
]A 4.4.4.4 [110/129] via 10.1.35.3, 00:07:14, ScrialO/0.53 
IA 10.1.12.0 [110/192] via 10.1.35.3, 00:07:14, ScrialQ'0.53 
IA 10.1.23.0 [110/128] via 10.1.35.3,00:07:14, ScrialO/0.53 
IA 10.1.34.0 [110/128] via 10.1.35.3,00:07:14, ScrialO/0.53 
0*\2 tl. 0.0.0/0 [110/1] via 10.1.35.3, (K):07:14, ScrialO/0.53 
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Task 4 

Configure area 1 such that it receives the default route injected by the ABR as an internal 
OSPF route. 






On R3 

R3(config)#routcrospf 1 
R3(config-routcr)#arca I nssa no -summary 

I o \ erify the configuration: 

On R4 

R4r i Sh ip rou ospf i inc 

N2 33.0.0.0 8 [1 10/20] via 10. 1.34.3, 00:12:18, ScriaRTO.43 
N2 3.0.0.0. 8 [1 1 0/20] via 10. 1 .34.3, 00: 12:18, ScrialO/0.43 
Q*IA D.O.0LW0 [11 0/65] via 1 0.1 .34.3, 00: 00:0 9, ScrialO/0.43 

Note the default route injected h\ the ABR 111 'this area is an internal OSPF route. 






TaskS 

Configure R3 such that ONLY Area 2 receives the redistributed routes (3.0.0.0 8 and 
33.0.0.0 f&}i you should NOT use any global configuration command or route-map as 
part of the solution to accomplish this task. 






On R3 

R3(ooiifig)#ro Liter ospf 1 

R 3 (con fig-router)^ area 1 nssa no- redistribution 

To verify the configuration: 

On R4 

R4#Shap route ospf IncO 

0*1 A 0.0.0.0 [1 1 65 via 1 0. 1 .34.3, 00:01 :45, ScrialO'0.43 
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Note the no-redistribution is configured on the ABR which happens to be an ASBR 
as «ell: this command stops redistribution of the external routes into the area 
specified. 



Task 6 

Erase the startup configuration and reload the routers before proceeding to the next lab. 



CCIE R&«* by Narbik Kuchariaiw Advanced CCIE R&S Work Book 2.0 Page 632aflQ68 

C 2009 >tarl>ik Kucha riani. All rnjhU rcirrvcil 



Advanced 
CCIE Routing & Switching 

2.0 

www ,Mii run icsTraiiiin^, cum 



Narhik Kochaiians 

CCIE #12410 
R&S, Security SP 



BGP 



CCIE R&«> by Narhik KueharLaiw Advanced CCIE R&S Work Book 2.0 Page 633 of 1068 

C2009 Narbik Kuchariini. All rijhlj rcicnnl 



Lab I - Establishing Neighbor Adjacency 



AS 100 




Lab Setup: 

> The FQ interface of these four routers should be configured in VLAN 100. 

> Configure the routers according to the following IP addressing chart: 



ll J Addressing; 



Router 


Interface/ IP Address 


AS 1 00 


Rl 


FOOT- 10.1.1.1/24 

Loll -1.1.1.1 /8 

Lol -192.168.1.1 "24 


1(H) 


R2 


FQ - 10.1.1.2 24 

LoO- Z2.22/8 

Lol - 192.168,2,2^4 


1 00 
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R3 


FO/0- 10.1.13/24 
Lot) -333.3 8 

Lo 1 -192.1683.3 '24 


100 


R4 


F0 0- 10.1.1.4 24 

LoO- 4.4.4.4 ,'8 

Lol - 192. 168.4.4 24 


1 00 



1 ask 1 

Configure these routers in AS 100, these routers should create an 1BGP peer sessions 
between them, ensure that these routers advertise their Loopback interface in this AS. 



On Rl 








R 1 (c on fig-ro utcrbgp 100 








R 1 ( e o n fig-ro li t cr )# ncig hb o r 


1 0.1. 1.2 


rcmotoas 


UK) 


R 1 (c o n fig-ro u t er)# ncighbo r 


10.1.1.3 


remote- as 


100 


R 1 (config-routcr)#ncighbor 


10.1.1.4 


remote- as 


100 


R 1 (c o n fig-ro u tcr)f#no syn 








R 1 (c o n fig-ro u t cr ) ft net wo r k 


1.0.0.0 






On R2 








R2(config)#ro liter bgp 1 00 








R2 (c o n fig-ro u tcr)#ncighbo r 


10.1.1.1 


remote- as 


KM) 


R2 ( c o n fig-ro u t cr)# ncighbo r 


10.1.1.3 


remote- as 


100 


R2 (c o n fig-ro u t er)# ncighbo r 


10.1.1.4 


remote- as 


100 


R2(eonfig-routcr)#no syn 








R2 ft o n fig-ro u t cr)* net wo r k 


2.0.0.0 






On R3 








R3(config)#routcrbgp 100 








R3 (c o n fig-ro u t cr) £ ncighbo r 


10.1.1.1 


remote- as 


1 00 


R 3 (c o n fig-ro u tcr)#ncighbo r 


10.1.1.2 


remote- as 


100 


R 3 (c o n fig-ro u tcr)#ncighbo r 


10.1.1.4 


remote- as 


100 


R 3 (con fig-ro utcr)#no syn 








R3(config-routcr)# network 


3.0.0.0 






On R4 








R 1 1 config)nroLitcr bgp 1 00 
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R4(conf]g-routcr)#neighbor 10.1. 1.1 remote- as KM) 
R4(config-routcr)#ncigbbor 1.0.1. 1.2 remote- as 100 
R4(config-router)#ricighbor 10.1. 1.3 rcmotc-as 100 

R4 (c o n fag-ro u tcr)#no syn 

R4 (c o n fig-r o u t cr)#nctwu rk 4. 0.0. 

To verify the configuration: 

On Kl 

RlflShowipbap 

BGP tabic version is 5 t local muter ID is 1 . 1 . 1 . I 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

rRlB-iailurc, S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 



Network 


Next Hop 


Metric 


LocPri" 


Weight Path 


*> 1.0.0.0 


0.0.0.0 







32768 i 


*>i2 .0.0.0 


10.1.1.2 





100 


i 


*>i3 .0.0.0 


10.1.1.3 





100 


i 


*>i4. 0.0.0 


10.1.1.4 





100 


i 
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Valid Tabic Entrv. 



The best entry for the Prefix. 



The entry is suppressed. 



The entry was learned via an 1BGP, this is the *f* to the left of the network 
column. The letter "P* under the path column, specifics the origin of the 
route. 



Network 



Prefix entry for the network, if the mask is omitted, the default mask is 
assumed. 



Next Hop 



The next hop's IP address to get to the specified network address, if it is 
0.0.0.0 it is a prefix that is advertised by the local router. 



Metric 



This is the Inter-as metric, or the MED attribute which is bv default. 



LocPrf 



This is the local preference attribute, used in the route selection process 
carried within the local AS ONLY. With the local-prcf attribute the higher 
value has more preference. The prefixes that are received from a peer AS 
arc tagged with a local-prcf value of 100; this value can be changed to 
influence the best path selection process. The changed value is only 
advertised to 1BGP peers. When the local router advertises a prefix, no 
local-prcf value is seen in the output of the "Show ip bgp'* command. The 
default value of 100 can be changed by the "ESCrP default local- 
p r e fa re n c e '* c o ir.ir.an d . 



Weight 



The prefixes that arc received via a neighbor (1BGP or EBGP) will have a 
weight of 0, but the prefixes that arc originated by the local router will have 
a weight value of 32768. This attribute overrides any other attribute for 
performing best path determination. 



Path 



If the prefixes were originated or learned via an 1BGP neighbor, the path 
column will have the letter *T without any ASX. If the prefix was learned 
through another AS, then this column will haw the AS number's followed 
by the letter i, the ASNs indicate the AScs that a prefix has traversed. The 
maximum number of AScs that a prefix can traverse through is 255. 



Task 2 



Reconfigure the routers as follows: 

R2, R3 and R4 should be configured in AS 200, 300 and 400 respectively. Configure a 
full mesh peer session between these routers. 



On Kl 

R 1 (config^ro utcr bgp 100 
Rl (config-router)#ncighbor 10.! 
R 1 (config-routcr)#ncighbor 10. 
R 1 icon fig -routcr)#ncighbor 1 0. 



1.2 remote- as 2(H) 

1.3 remote- as 300 

1.4 remote- as 400 
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R I (config-routcr)r?no auto 
Rl(config-routcr)#nctwork 1.0.0.0 

On R2 

R2 (c o n figure u tcr bgp 20 

R2(config-routcr)r?TTcigribor 10.1. 1. 1 remote- as 100 
R2(config-routcr)r?ncighbor 10.1.1.3 remote- as 300 
R2(config-routcr)r ! ncighbor 1 0. 1.1.4 rcmotc-as 400 
R2 (c o n fig-ra u tcr)?? no aut o 
R2i'config-routcr)#nctwork 2. 0.0.0 

On K3 

R3(config)#routcrbgp 300 

R 3 (con fig-router)?? neighbor 10.1.1.1 remote- as 100 
R3(config-routcr)#ncighbor 10.1.1.2 remote- as 2(H) 
R3 (con fig-router)?* neighbor 10.1. 1.4 remote- as 4(H) 
R3(config-routcr)#rio auto 
R3(config-routcr)#nctwork 3.0.0.0 

On K4 

Rl (c o n fig )#ro Liter bgp 400 

R4(config-routcr)#ncighbor !().!. 1. 1 remote- as 100 
R4(config-routcr)??ncighbor 1 0.1. 1.2 rcmotc-as 2(H) 
R4(config-router)#ricighbor 10.1.1.3 rcmotc-as 3(H) 
R4(config-rou tcr)#no auto 
R4(config-routcr)??nctwork 4. 0.0.0 

To verify the configuration: 

On Rl 

Rl??Sho\v ip bap 

BGP tabic version is 5, local router ID is 1 . 1 . 1 . I 

Status codes: s suppressed, d damped, h history. * valid, > best, i - internal, 

rRlB-tailurc, S Stale 
Origin codes: i - 1GP, e - EGP, ? - incomplete 

Network Next Hop 
*> 1.0.0.0 0.0.0.0 

*> 2.0.0.0 10.1.12 



Metric 


LocPrf 


Weight Path 







32768 i 







200 i 
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* 


10.1.12 


* 


10.1.12 


* 3.0.0.0 


10.1.1.3 


*> 


10.1.1.3 


* 


10.1.1.3 


* 4.0.0.0 


10.1.1.4 


* 


10.1.1.4 


*> 


10.1.1.4 



300 200 i 
400 200 i 
200 300 i 

300 i 

400 300 i 
200 400 i 
300 400 i 

400 i 

Note the local-preference attribute is not assigned on any of the prefixes: this is 
because the prefixes are advertised by an EBGP peer. The best selection in the 
above output is based on the shortest ASN. 

The MED value (Metric column) is zero for some of the prefixes, and on others, it is 
NOT assigned, this is because when the prefix is advertised by the originating AS, 
the metric is set to "0'", but when the same prefix is advertised by another AS, the 
MED value is removed. 



Task 3 

Reconfigure the routers in AS 1 00; use the following policy for their 1BGP peer sessions: 

> Authentication must be enabled between the peers using "cisco" as the password. 

> The peer session must be established based on the Loopbaek O's IP address. 

> These routers should ONLY advertise their Loopback 1 in BCSP. 

> Provide NLR1 to LoopbackO interlace using RIPvZ. 

> The peer session between the routers should only be established if they arc 
rumr.ng BC-P \ jrs.uii 4. 

> L" sc pecr-gro up s to acco mp li sh t hi s task . 



Cisco's implementation of BGP in I OS 12.0(5)T or earlier releases supports BGP 

versions 2,3, and 4, with dynamic negotiation down to Version 2. But in IOS version 
12.()(6)T or later, Cisco routers only support version 4 and they do not support 
dynamic negotiation down to Version 2. The reason you may see the "Neighbor 
version'" command configured on some Cisco routers is because may be the muter is 
connecting and establishing a peer session with a Non-Cisco router, or the 
administrator is not aware of this fact. 

On \U 



R 1 (configure Liter bgp 100 
R 1 (c o n fig -r o u t cr) jj no an 
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R 1 (c o n fig-ro u t cr )#nct 192.168.1 .0 

Rl (con fig-ro utcr)#ncighb or TST peer-group 
Rl(config-routcr)#ncighbor TST remote- as 100 
Rl (config-routcr)#neighbor TST update-source loO 
R 1 (e o n fig-ro u t cr )#ncighb o r TS T v cr s io n 4 
Rl (con fig-ro utcr)#ncighb or TST password cisco 

Rl (config-routcr)#ncighbor 2.2.2.2 peer-group TST 
Rl(config-router)#ncighbor 3.3.3.3 peer-group TST 
R I (con fig-ro utcr)#ncighbor 4.4.4.4 peer-group TST 

R I (c o n fig-ro u ter)#ro ut cr rip 

Rl (eon fig -router )#no au 

R 1 (con fig-ro utcr^vcr 2 

Rl (c on fig-ro uter)#nctw 1 0.0.0.0 

Rl (config-routcr)nnct\v 1.0. 0.0 



On R2 

R2(eonfig)#routcrbgp 100 
R2 ( c o n fig-ro u ler)#nd au 
R2(config-rou ter)#nctw 1 92 . 1 68.2.0 

R2(eonfig-rautcr)# neighbor TST peer-group 
R2 (con fig-ro utcr)#ncighb or TST remote- as 100 
R2(config-routcr)#ncighbor TST update-source loO 
R2(config-routcr)#ncighbor TST version 4 
R2 (con fig-ro utcr)#ncighb or TST password cisco 

R2 (con fig-ro utcr)#ncighb or 1. 1. 1. 1 peer-group TST 
R2(config-routcr)#ncighbor 3.3.3.3 peer-group TST 
R2(config-routcr)#ncighbor 4.4.4.4 peer-group TST 

R2(config-rou tcr)#rautcr rip 
R2(config-router)#no au 
R2 (con fig-ro utcr)#ver 2 
R2(config-routcr)#nct\v 1 0.0.0.0 
R2(config-routcr)#nctw 2.0.0.0 

On 1*3 

R3(eonfig)#roLitcrbgp 100 
R3fconfia-routcr)"no au 
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R3(config-routcr)# network 192. 168.3.0 

R3(config-router)#ricighbor TST peer-group 
R3(eonfig-routcr)#ncighbor TST rcmotc-as 1 00 
R3(config-routcr)#ncighbor TST update- source loO 
R3 (con fig-ro utcr)#ncighbor TST version 4 
R3 (con fig-ro utcrj^ncighb or TST password cisco 

R3feonfig-routcr)#ncighbor 1.1.1.1 peer-group TST 
R3(config-router)#ncighbor 2.2.2.2 peer-group TST 
R3(config-routcr)#ncighbor 4.4.4.4 peer-group TST 

R3 (e o n fig-ro u ter)#ro ut cr rip 

R3 (con fig-ro utcr)#no au 

R3 (eon fig-ro utcr)#vcr 2 

R 3 (eon fig-ro uter)#nctw 1 0.0.0.0 

R3(config-routcr)#nctw 3.0. 0.0 



On R4 

R4(config)#ro Liter bgp 100 
R4(config-router)#no aLi 
R4(config-routcr)# network 192. 168.4.0 

R4 (c o n fig-ro u t cr) #ncighbo r TS T peer -gro u p 
R4 (eon fig-ro utcr)#ncighbor TST rcmotc-as 100 
R4(config-routcr)#ncighbor TST update-source loO 
R4 (con fig-ro utcr)#ncighbor TST version 4 
R4 (con fig-ro utcr)#ncighb or TST password cisco 

R4 (con fig-ro utcr)#ncighb or 1,1,1,1 peer-group TST 
R4 (con fig-ro uter)#ncighbor 2.2.2.2 peer-group TST 
R4(config-routcr)n : ncighbor 3.3.3.3 peer-group TST 

R4 (c o n fig-ro u t cr) U ro ut cr rip 
R4 (c o n fig-ro u t cr)#no au 
R4 (c o n fig-ro u tcr)# vcr 2 
R4(config-rou tcr)#nctw 1 0.0. 0. 
R4 (c o n fig-ro u t cr) £ net w 4 . 0. . 



To verify the configuration: 



On Rl 
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Rl*Showipbgp 

BC5P tabic version is 7, local router ID is I . I . I . I 

Status codes: s suppressed, d damped, h history. * valid, > best, i - internal, 

rRlB-iailurc, S Stale 
Origin codes: i - IGP, c - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 

*> 192.168.1.0 0.0.0.0 32768 i 

*>il92. 168.2.0 2.2.2.2 100 i 

*>i 192. 168.3.0 3.3.3.3 100 i 

*>i!92. 168.4.0 4.4.4.4 100 i 



To verify the configuration: 



On kl 

R If* Show ip bap peer- group 

BGP peer- group is TST, remote AS \[)l) 
BGP version 4 
Default minimum time between advertisement runs is seconds 

For address family: IPv4 L'nicast 
BGP neighbor is TST, peer-group internal, members: 
2.2.2.2 3.3.3.3 4.4.4.4 
Index 0, Offset 0, Mask 0x0 
Update messages formatted 0, replicated 
Number of N'LRls in the update sent: max 0, rnin 

Note the output of the "Slum ip hup peer-group" reveal* the ip address of the 
members of the peer-group. 

Som e of the benefits of peer-groups: 

> Peer-groups provide optimization of BGP convergence, Let's say a BGP 
speaker has ID IBGP peers that exchange full BGP routing (200,004 
prefixes), without the creation of a peer-group, the local router has to go 
through 2 million prefixes, whereas, if the same router was configured with a 
peer- group, the router would only go through 200,000 prefixes. 



It provides a mechanism for peers that have an identical outbound policy. 
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> Another benefit of peer-groups is that it can reduce the administrative 

overhead by cutting don n redundant configuration on the routers. 






Task 4 

Remove the BGP configuration from the routers and reconfigure the routers in AS 100 
using pecr-scssion templates: von should configure the following two templates to 
accomplish this task: 

> Common Template: This template should contain the "Neighbor version 4 : ' and 
"Neighbor password" command, this template should he appiicd to all 
neighbors. 

> 1BGP Template: This template should contain the "Neighbor Update-source" 
and "Neighbor remote-as" commands. This template should be applied to all 
1BGP neighbors. 

You should advertise Loopbackl interface in BGP and LoopbackO should be used as 
the IP address for establishing the peer sessions. DO NOT remove RlP\2 : s 
configuration. 






On Kl 

Rl (config^ro utcr bgp 100 

R 1 ( c o n fig-ro u tcr )#no au 

Rl (config-routcr)#nctwork 192.1 68. 1 .0 

R! (config-routcr)iTtcmplatc pecr-scssion Common 

Rl (con fig-ro utcr- st mp)#pass\vord cisco 

R 1 (con fig-ro utcr- simp Aversion 4 

R 1 (config-routcr-stmp)#cxit-pccr-scssion 

Rl (con fig-ro utcr)Trtcmp late pecr-scssion I BGP 

R 1 (config-routcr-stmp)# inherit peer-session Common 

R! (config-routcr-stmpjp'updatc-sourcc loO 

R 1 (c o n fig-ro utcr- st mp j# r cmo t c-as 1 00 

R 1 (con fig -router- simplex it -peer- session 

Rl(config-routcr)r ! ncighbor 2.2.2.2 inherit peer-session 1BGP 
Rl (eonfig-routcr)#ncighbor 3.3.3.3 inherit peer-session 1BGP 
Rl (config-routcr)#ncighbor 4.4.4.4 inherit peer-session 1BGP 
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On R2 

R2iconfig)#routcrbgp 100 
R2 (con fig -router)* no au 
R2(config-routcr)#rictwurk 192.1 68.2.0 

R2 lam fig-ro utcr)rrtcmp late peer- session Common 

R2(config-routcr-stmp)#password cisco 

R2 (c o n tlg-ro liter- st mp )n v cr sio n 4 

R2 (c a n fig-ro u tcr- st mp )#ex it -peer- scs sio n 

R2 (con fig-ro Liter)rrtcmp late pecr-scssion IBGP 
R2(config-routcr-stmp)#inhcrit peer-session Common 
R2iconf]g-routLT-stmp)p i updatc-sourcc loO 
R2(config-routLT-stmp)#rcrriotc-as 100 
R2(config-routcr-stmp)f*cxit-pccr-scssion 

R2 (con fig-ro utcr)#ncighbor 1.1.1.1 inherit pecr-scssion IBGP 
R2(config-routcr)#ncighbor 3.3.3.3 inherit pecr-scssion IBGP 
R2(config-routcr)#ncighbor 4.4.4.4 inherit pecr-scssion IBGP 

On R3 

R3(config)*routcr bgp 1 00 

R3(config-rautcr)f*no au 

R 3 (c o n fig-ro u tcr)#nct wo rk 1 9 2 . 1 6 8 .3 .0 

R3 (c o n fig-ro utcr)#tcmp late pecr-scssion Common 

R3(config-routcr-stmp)#password cisco 

R3 ( c o n fig-ro li tcr- stmp )H v crsio n 4 

R3 (c o n fig-ro u tcr- st mp )#cx it - p ccr- scs sio n 

R3(config-routcr)#temp3atc pecr-scssion IBGP 

R3 fc o n fig-ro u tcr- st mp )f* in hcri t pecr-sess k) n Cti m m o n 

R3 (c o n fig-ro liter- st mp )" u p d at c- so Lire c k) 

R3(conr]g-routcr-stmp)n i rcmotc-as 100 

R3 fc on fig -router- stmp)?* ex it -pecr-scssion 

R3(config-routcr)#ncighbor 1.1.1.1 inherit pecr-scssion IBGP 
R3(config-routcr)#ncighbor 2.2.2.2 inherit pecr-scssion IBGP 
R3 (co n fig -routcr)#ncighbor 4.4.4.4 inherit pecr-scssion IBGP 

On R4 



CCIE R&«* bv Narbik KuL-harians 



Advanced CCIE R&S Work Book 2.0 

£2009 Narbik Kucha rianx All rig lib reserved 



Page 644 of J068 



Reconfigure) Liter bgp 1 00 

R^coni'iLZ-rautiTi-no au 
R4(config-routcr)r! ! nct\vork 192.1 68.4.0 

R4 (c o n fig-ro utcr)#tcmp I ate peer- session Common 
R4 (c o n fig-ro u t cr- st mp )" p asswo r d e i sco 
R4(conf]g-routcr-stmp)r ! vcr5k;m 4 
R4 (c o n fig-ro u tcr- st mp )#c.x it - p ccr- scs sk) n 

R4 (c on fig-ro utcr)#tcmp late peer- session 1BGP 
R4(config-routcr-stmp)r* inherit peer-session Common 
R4(config-routcr-stmp .^update- so urcc loO 
R4 (c o n fig-ro u t cr- st mp )n r cmo t c- as 100 
R4 (c o n fig-ro u tcr- st mp )#cx it - p ccr- scs sio n 

R4 (con fig-ro utcr)#ncighbor 1.1.1.1 inherit peer- session 1BGP 
R4(config-roiitcr)#rjcighbor 2.2.2.2 inherit peer-session 1BGP 
R4 (con fig-ro utcr)#ncighbor 3.3.3.3 inherit peer- session 1BGP 



To verify the confiauratiun: 



On kl 

Rlgghow ip bgp. 

BGP tabic version is 5, local router ID is 192. 168. 1 . I 

Status codes: s suppressed, d damped, h history. * valid, > best, 

r RIB -failure, S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 



- internal, 



Network 

*> 192.168.1.0 
*>il92. 168.2.0 
*>il92. 168.3.0 
*>il92. 168.4.0 



Next Hop 
0.0.0.0 

T 1 T 1 T* T 

3.3.3.3 

4.4.4.4 



Metric LocPrf Weight Path 
32768 i 






100 








100 








ion 






Peer-session template can be used to apply session specific configuration 
commands to a group of neighbors that share a common session 
configuration. 

Peer-session templates can be reused and they support inheritance of 

another peer-session template's, this means that nested peer-sessions 
can also be used. 
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> Peer-session templates support session specific commands ONLY. 



TaskS 



Reconfigure the routers based on the following IP address space and diagram. 



10.1.12.0/24 



s 



I AS 1 00 





I .all Set up: 

> Configure FG70 interlace of Rl and R2 arc in VLAN 12 and the Ft). 1 interlace of 
R2 r R3 and R4 in VLAN 234. 

> Configure 1 P addressing on the routers using the 1 P addressing chart on the next 
page. 
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II* Addressing chart: 



Router 


AS number 


Interface ■' IP address 


Rl 


AS 100 


Lo0= 1. 1.0.1 24 
Lol = I.I. 1.1 ,'24 
Lo2= 1.1.2.1/24 
Lo3= 1.1.3.1 .'24 
Lo4= 100.1.1.1 .'24 
Lo5 = 100,3.3 1 f2A 
F0 0= 10.1.12. 1 .'24 


R2 


AS 200 


Lo0= 2.2.2.2 .'8 
F0.0 = 10. 1.12. 2 .'24 
FO'I = 10.1.234.2 24 


R3 


AS 200 


Lofl = % % ^ 'K m 

F0 1 = 10.1.^34.3.^4 


R4 


AS 200 


LoO = 4.4.4.4 .'8 

FO 1 = 10.1.234.4 24 



Task 6 



> Rl in AS 100 should establish an EBGP peer session with R2 in AS 200. Rl 
should advertise all of it's loopback interfaces in AS 100. 

> R2. R3 and R4 should be configured in AS 200: these routers should establish 
1BGP peer sessions between them and advertise their loopback interlace in AS 
200. 

> Configure the router-ids of the routers as fo Hows: 

Rl = 10.1.1.1. R2= 10.2.2.2. R3 = 10.3.3.3 and R4 = 1 0.4.4.4 



On Rl 

Rl (config^ro Liter bgp 100 

Rl (config-routcrY^bgp router-id 10.1 .1.1 

Rl i;config-routcr)#nctwork 1. 1 .0.0 mask 255.255.255.0 

Rl(config-routcr)#nctwork 1. 1 . 1 .0 mask 255.255.255.0 

Rl i;config.router)#nctwurk 1. 1 .2.0 mask 255.255.255.0 

Rli;c[mfig-routcr)#nctwurk 1. 1.3.0 mask 255.255.255.0 

Rli;config-routcr)#nctwurk 100.1.1.0 mask 255.255.255.0 

Rli:config-routcr)#nctwork 100.2.2.0 mask 255.255.255.0 

Rl(config-routcr)#ncighbor 10.1.12.2 rcmotc-as 200 

Rl (config-routcr^no auto -summary 
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On R2 

R2(config)#router bgp 200 

R2 ic o n fig -ro u t cr)#no sync hronizat ion 

RZfcontlg-routcrtfrbgp router-id 10.2.2.2 

R2 i c o n fig-ro u ter)#netvvor k 2 .0.0. 

R2 (con fig-ro utcr)#neighbor 10. 1.1 2.1 remote-as ]00 

R2 (con fig-ro utcr)# neighbor 10. 1.234.3 remote-as 200 

R2(config-routcr)r*neighbor 10. 1.234.4 remote-as 200 

R2 ( c o n fig-ro u t cr ) £no an to-s n mina r y 

On K3 

R3(config)#router bgp 200 
R 3 ( c o n fig -r o u t cr)#no sync hronizat ion 
R3(config-routcr)#bgp router-id 10.3.3.3 
R3(config-routcr)#netvvork 3 .0.0.0 
R3(config-routcr)r*neigltbor 10.1.234.2 remote-as 200 
R3(config-routcr)#neighbor 10.1.234.4 remote-as 200 
R3 (c o n fig-ro u lfir)#no an to-s u mina r y 

On R4 

R4(config')#router bgp 200 

R4(config-router)#no synchronization 

R4(config-routcr)#bgp router-id 10.4.4.4 

R4 (c o n fig-ro u tcr)#networ k 4 .0.0. 

R4 (con fig-ro Litcr')Tr neighbor 10.1.234.2 remote-as 200 

R4(config-routcr)#neighbor 10.1.234.3 remote-as 200 

R4 (con fig-ro u tcr)#no auto-summary 

To verify the configuration: 

On Rl 

Rl#Show ip bgp 

BGP tabic version is 16, local router ID is 10. 1 . 1 . 1 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

r RIB -tai lure, S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 

*> 1.1. 0.0/ 24 0.0.0.0 32768 i 
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*> 1.1.1.024 0.0.0.0 32768 i 








*> 1.1.2.0/24 0.0.0.0 32768 i 








*> 1.1.3.0/24 0.0.0.0 32768 i 








*> 2.0.0.0 10.1.12.2 200 i 








*> 3.0.0.0 10.1.12.2 200 i 








*> 4.0.0.0 10.1.12.2 200 i 








*> 100.1.1.024 0.0.0.0 32768 i 








*> 100.2.2.0.'24 0.0.0.0 32768 i 








On R2 








R2*Sh ip bgp 








BGP tabic version is 10, local router ID is 10.2.22 








Status codes: s suppressed,, d damped, h history, * valid, > best, i - interna 1, 








rRlB-iailurc, S Stale 








Origin codes: i - 1GP, e - EGP, ? - incomplete 








Xctwork Xcxt Hop Metric LocPrf Weight Path 








*> 1.1.0.0.24 10.1.12.1 100 i 








*> 1.1.1.0 24 10.1.12.1 100 1 








*> 1.1.2.0/24 10.1.12.1 100 i 








*> 1.1.3.0/24 10.1.12.1 100 i 








*> 2.0.0.0 0.0.0.0 32768 i 








*>B .0.0.0 10.1.234.3 100 i 








*>i4 .0.0.0 10.1.234.4 100 i 








*> 10 0.1. 1.0,24 10.1.12.1 100 i 








*> 100.7 ?.q/?4 io. I.P.I 100 i 








On R3 








R3*Sh ip bgp 








BGP tabic version is 18, local router ID is 10.3.3.3 








Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 








rPJB-iailurc, S Stale 








Origin codes: i - 1GP, e - EGP, ? - incomplete 








Network Xcxt Hop Metric LocPrf Weight Path 








*il. 1.0.0.24 10.1.12.1 100 100 i 








*il.l.].0'24 10.1.12.1 100 100 i 








*il. 1.2.0/24 10.1.12.1 100 100 i 








*il.l.3.a.'24 10.1.12.1 100 100 i 








*>i2. 0.0.0 10.1.234.2 100 i 
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*> 3.0.0.0 


0.0.0.0 





22 


768 


. 




*>i4 .0.0.0 


10.12344 





100 





: 




*i 100.1 .1,0/24 


10.1.12.1 





100 


100 i 




*i 100 2. 2.Q.' 24 


10.1.12.1 





100 


100 i 




On R4 














R4*Sh ip bgp 














BGP tabic version is 20, local 


router ID 


is 10.4.4.4 






Status codes: s 


aipprcsscd, d damped, h history. 


* valid, > best, i 


■ internal, 


rRlB-1 


ailurc, S Stale 












Origin codes: i 


• 1GP, c-EGP 


? - incomplete 








Network 


Next Hop 


Metric 1 


.ocPrf V\ 


ciizhl 


Path 




*i 1.1.0.0,24 


10.1.12.1 





100 





100 i 




*il.l.UV24 


10.1.12.1 


(] 


100 


(1 


100 i 




* il. I.2.a24 


10.1.12.1 





100 


CI 


100 i 




*i 1.1.3.0/24 


10.1.12.1 





100 


CI 


100 i 




*>i2 .0.0.0 


10.1.234.2 





100 


Ci 


: 




*>i3 .0.0.0 


10.1.234.3 





100 





: 




*> 4.0.0.0 


0.0.0.0 





32 


768 


: 




*i 1QO. 1. 1.0/24 


10.1.12.1 





100 





100 i 




*il00.2.2.0'24 


10.1.12.1 





100 


Ci 


100 i 




Note R3 and R4 do not have 


NLRI to the next 


-hop 


IP address 


of 10.1.12.1, therefore, they 


won't have reachability to these addresses. 









Task? 

Configure R2 to change the next hop IP address for all trie networks advertised by Rl to 
the IP address of it's F0/1 interface. You should use a template so the future policies can 
be installed once in that template and have it effect R3 and R4. DO NOT use peer-groups 
to accomplish this task. 



On R2 

R2(config)#ro Liter bgp 200 
R2(config-routcr)# template peer-policy TST 
R2(config-routcr-ptmp)# next -hop-self 

R-i'config-routcr-ptmpiscxit-pccr-policy 
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R2(conl1g-routcr)??ncighbor 10.1.234.3 inherit peer-policy TST 








R2 (c on tig -router)?* neighbor 10.1.234.4 inherit peer-policy TST 








I o verify the configuration: 








On R3 








R3#Sh ip bgp 








BGP tabic version is 18, local router ID is 3.3.3.3 








Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 








r RIB -failure, S Stale 








Origin codes: i - 1GP, c - EGP, '.' - incomplete 








Network Next Hop Metric LocPrf Weight Path 








*>il. 1.0.0 24 10.12342 100 ~ 100 i 








*> il . 1 . 1 .0/24 1 0. 1 .234.2 1 00 100 i 








*>il. 12.0/24 10.12342 100 100 i 








*> il . 1 .3.0/24 1 0. 1 2342 1 00 100 i 








*>i2 .0.0.0 10.12342 100 i 








*> 3.0.0.0 0.0.0.0 32768 i 








*>i4 .0.0.0 10.1234.4 100 i 








*> i 1 . 1 . 1 . 0/24 1 . 1 2 34 .2 1 1 i 








*>il002 2.0/24 10.12342 100 100 i 








(Jn R4 








R4-Sh ip bgp 








BGP table version is 20, local router ID is 4.4.4.4 








Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 








rRlB-tkilurc 5 S Stale 








Origin codes: i - 1GP, c - EGP, ? - incomplete 








Network Next Hop Metric LocPrf Weight Path 








*> il . 1 .0.0/24 1 0. 1 2342 1 00 100 i 








*> il. 1.1.0/24 10.12342 100 100 i 








*> il. 1.2.0/24 10.12342 100 100 i 








*> il . 1 .3.0/24 1 0. 1 2342 100 1 00 i 








*>i2 .0.0.0 10.12342 100 i 








*>i3. 0.0.0 10.1.234.3 100 i 








*> 4.0.0.0 0.0.0.0 32768 i 








*>i 100. 1.1. 0/24 10.1.234.2 100 100 i 








*> il 0022.024 10.12342 100 100 i 
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Peer-policy templates are used to build a template of policy information that can be 
inherited by a given neighbor. The peer-policy template can not be inherited by a 
peer-session template or a peer-group. 



i'askS 

Erase the startup configuration and reload the routers before proceeding to the next lab. 
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Lab 2 
Route Reflectors 



AS 100 




I .all Set up: 



> Configure Rl to have two point-to-point frame- relay connections,, one connecting 
Rl to R2, and the other connecting Rl to R3. 

£• R2 and R3 should each be configured with a frame- relay point -to -point 
connection to R I 



> Use the following IP address chart tor IP address assignment. 
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II* Addressing: 



Router 


Interface 


IP address 


Rl 


LoO 

The frame- relay connection to R2 

The frame-relay connection to R3 


1.1.1.1 .8 

10. I.I 2.1 ,'24 
10.1.13.1 ,'24 


R2 


LoO 

The frame-relay connection to Rl 


10.1.12.2/24 


R3 


LoO 

The frame- relay connection to Rl 


T 1 1 T it) 

10.1.13.3,24 



Task I 

Configure BGP AS 100 on all routers and ensure that the routers can successfully 
establish an 1BGP peer session with each other. These routers should only advertise their 
LoopbackO interface in BGP. To provide NLR1. the links between the routers should be 
advertised in RlPv2. 



On All Routers 










(config-rautcr)#rautcr rip 
(config-routcr)#no au 
(config-routcr)nvcr 2 
(config-rautcr'v^nctw 10.0.0. 








On Rl 










R 1 ( c o n fig)# ro u t cr bgp 1 00 
Rl (config-routcr)#nct\v 1 .0.0.0 
Rl icon fig -router)#ricighbor 10.1 
Rl (config-routcr)#ncighbor 10.1 
Rl (config-routcr)#no syn 


12.2 remote- 

13.3 remote- 


as 
as 


100 
100 


On R2 










R2(config)#ro Liter bgp 100 
R2i;config-router)#nctw 2.0.0.0 
R2(config-routcr)#ricighbor 10.1 
R2(config-rou tcr)#ncighbor 1 0. 1 
R2(config-routcr)#no syn 


12. 1 remotc-as 
13.3 remotc-as 


100 
100 


On \U 
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R3(config')#routcrbgp 100 
R3(config-routcr)#nctw 3.0. 0.0 
R3(config-router)#ricighbor 10.1.13.1 remote- as 100 
R3(config-ro Liter)" neighbor 10.1.12.2 remote- as 100 
R3(config-routcr)#no syn 



Tu verify the configuration: 



On K3 

R3"Sho\v ip route 

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP 

D - E1GRP, EX - E1GRP external, - OSPF, LA - OSPF inter area 
M - OSPF XSSA external type 1 , N2 - OSPF XSSA external type 2 
El - OSPF externa! type 1, E2 - OSPF external type 2 
i - 1S-1S, su - 1S-1S summary, LI - 1S-1S levcl-1, L2 - 1S-IS levcl-2 
ia - IS- IS inter area, * - candidate default, U - pcr-uscr static route 
o - ODR, P - periodic downloaded static route 

Gateway of last resort is not set 

B 1.0.0.0/8 [200 0i via 1 0. 1 . 13. 1, 00:20:04 
B 2 .0 .0 . .Q.'8 [200/ ] via 10. 1 . 12.2, 00:20:09 

C 3.0.0.0/8 is directly connected, LoopbackO 

10.0.0.0/24 is subnetted, 2 subnets 
C 10.1.13.0 is directly connected, Scrial0'0.31 

R 1 0. 1 . 1 2.0 [120/1 J via 10.!. 13. 1, 00:00:25, Scrial0/0.31 

On R2 

R2#Show ip bap 

BGP tabic version is 4, local router ID is 222.2 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

rR]B-failurc t S Stale 
Origin codes: i - IGP, c - EGP, ? - incomplete 

Path 



Network 
*>il.0.0.0 


Next Hop 
10.1.12.1 


Metric LocPrf 
100 


Weight 



*> 2.0.0.0 


0.0.0.0 





32768 


*>i3 .0.0.0 


10.1.13.3 


100 
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Task 2 

You received an e-mail from the management stating that within the next 12 months 20 
additional routers will be added to this AS. In order to minimize the number of peer 
sessions within this AS, you decided to implement route reflectors. Configure Rl as a 
route reflector lor this AS. 



On Rl 

R 1 (config)#ro titer bgp 100 

Rl (config-routcr)T#ncighbor 10.1. 12.2 routc-reflcctor-clicnt 
Rl (config-routcr)#ncighbor 10.1. 13.3 routc-reflcctor-clicnt 

On R2 

R2(config)#ro Liter bgp 1 00 

R2(config-routcr)^no neighbor 10.1.13.3 rcmotc-as 100 

On R3 

R3(config)#routcrbgp 100 

R3i;config-rautcr)#\0 neighbor 10.1.12.2 rcmotc-as 100 

In order for all I BGP speakers in an AS to exchange routes with one another, the 
IBGP speakers must he fully meshed (Every router must establish a peer session to 
every other router). Route-reflectors can be configured to reduce the number of 
peer sessions that must be established between the routers within a given AS. If a 
route-reflector is used, all IBGP speakers need not be fully meshed. In this model, 
the router that is configured to be the route-reflector must have a peer session 
established to every client, the clients must establish a peer session with the route 
reflector. The route reflector will reflect routes learned from one client to the other 
client's. 

To verify the configuration: 



On R2 

R2"Sho\v ip bgp 

BGP table version is 10, local router ID is 2.2.2.2 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

r RIB -tail urc, S Stale 
Origin codes: i - 1GP. c - EGP. '- 1 - incomplete 
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Network Next Hop Metric LocPrf Weight Path 

*>il .0.0.0 10. 1.12. 1 100 i 

*> 2.0.0.0 0.0.0.0 32768 i 

*>i3. 0.0.0 10.1.13.3 100 i 

R2*Ping 3.3.3.3 

Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echos to 3.3.3.3. timeout is 2 seconds: 



Success rate is 100 percent (5''5), round-trip min/avg'max = 1 12/113/1 16 ms 

On K3 

R3rrSho\v ip hgp 

BGP table version is 10, local router ID is 3.3.3.3 

Status codes: s suppressed, d damped, h history. * valid, > best, i - internal, 

r RIB -failure, S Stale 
Origin codes: i ■ 1GP, c ■ EGP, ? ■ incomplete 

Network Next Hop Metric LocPrf Weight Path 

*>il. 0.0.0 10.1.13. 1 100 i 

*>i2 .0.0.0 10.1.12.2 100 i 

*> 3.0.0.0 0.0.0.0 32768 i 

R3*Ping 2.2.2.2 



Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echos to 2.2.2.2, timeout is 2 seconds: 



Success rate is 100 percent (5/5), round-trip min/avg'max = 1 12/112/1 16 ms 



Task 3 

Alter implementing the route reflector, you realized that if the route reflector is down, the 
entire net wort: is dysfunctional; therefore, you decided to add R4 as the second route 
reflector lor redundancy. Ensure that these routers can reach the advertised networks and 
the redundancy is operational. 
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AS 100 




DC) M) I" I'msf the existing eon 11 juration, thf following 

i.'t>n Figuration is added to thi' existing configuration. 



Lai) Setup: 

Add tht-- toJJovung configuration to thf existing configuration: 



> Configure Rl with an additional point-to-point frame- relay connection to R4. 
using the IP addressing and the DLC1 information provided below. Rl should 
establish a BGP peer session with R4 over this frame-relay connection. 

> R2 and R3 should each be configured with an additional point- to -no int frame- 
relay connection to R4. Use the IP addressing and the DLC1 information provided 
be low for these connections. R2 and R3 should each establish a BGP peer session 
with R4 over this connection. 

> R4 should be configured with three point-to-point frame-relay connections, one to 
Rl. the second one to R2 and the third one to R3. Use the following IP addressing 
and DLC1 information for these connections. 
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II* Arid rising: 



Router 


Interface 


IP address 


DLC1 


Rl 


SO G.14 


10. I.I 4.1 24 


I 04 


Rl 


SO '0.24 


10.1.14.1 24 


204 


R3 


SO 0.34 


10.1.34.3 24 


304 


R4 


LoO 
SO, 1 (1.42 
SO/0.43 

SO/0.41 


4.4.4.4 /8 
10.1.24.4 '24 
10.134.4 .24 
10.1.14.4 24 


402 
403 
401 



On R4 




R4(config)#ro uler bgp 1 00 




R4(config)#Nctwork 4. 0.0.0 




R4 (c o n fig-ro u tcr)#ncighbo r 10.1.14.1 rcmo tc-as 1 




R4(config-routcr)#ncighbor 10.1.24.2 rcmotc-as 100 




R4 (con fig-ro uter)#ncighbor 10.1.34.3 rcmotc-as 100 




R4 (con fig-ro utcr)#ncighbor 1 0. 1 .24.2 route-reflector client 




R4(config-routcr)#ncighbor 10.1.34.3 route- reflector client 




R4 is the secondary route- reflector. R4 should he configured as follows: 




> R4 should have a peer session with Rl — the route-reflectors should have 


full 


mesh peer sessions between them. 




> R4 must have a peer session with R2 and R3. 




> R4 must configure R2 and R3 as route- re flee tor clients. 




On R2 




R2(config)#routerbgp 100 




R2(config-routcr)#ncighbor 10.1.24.4 rcmotc-as 100 




On R3 




R3 (configure utcrbgp 100 




R 3 (con fig-ro utcr)#ncighbor 10.1.34.4 remote- as 100 




On Rl 




RI(config)r#ro utcr bgp 100 




RI(config-routcr)#ncighbor 10.1. 14.4 rcmotc-as 100 
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Having a sin tilt 1 RR can introduce a single point of failure, its best to have multiple 
RRs incase the RR fails, this redundancy is critical when there am many RR clients. 

10 vilify the configuration: 



On kl 

Rl*Sh ip bgp 

BGP tabic version is 6, local router ID is I . I . I . I 

Status codes: s suppressed, d damped, h history. * valid, > best, i - internal, 

r RIB - failure, S Stale 
Origin codes: i - 1GP, c - EGP> ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 



*> 1.0.0.0 


0.0.0.0 





32768 i 


* .2.0.0.0 


10.1.24.2 





100 Oi 


*>i 


10.1.12.2 





100 Oi 


*>i3 .0.0.0 


10.1.13.3 





100 . 


* i 


10.1.34.3 





100 


*>i4.0.0.0 


10.1.14.4 





100 Oi 


To test the 


configuration: 






On kl 







Rl(config)#intsO/0 
Rli;config-it>shut 

On K2 

R2^Show ip bgp 

BGP table version is 8, local router ID is 222.2 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
rRlB-failurc, S Stale 

Origin codes: i - 1GP, c - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 

*> 2.0.0.0 0.0.0.0 32768 i 

*>i3. 0.0.0 10.1.34.3 100 Oi 

*>i4. 0.0.0 10.124.4 100 Oi 
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R2#Puig 3.3.3.3 
















Type escape sequence to abort. 
















Sending 5 S 100-bytc [CMP Ethos to 3.3.33, 


timeout is 


2 seconds: 

























Success rate is 100 percent (5/5), 


round- trip 


min/avg'max = 


112.. 


114. 


116 


ms 



task 4 

Erase the startup configuration and reload the routers. Reconfigure the routers based on the 
following IP addressing and topology: 




AS 100 
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IP Addressing: 



Router 


Interface 


IP address 


Rl 


LoO 

The frame- relay connection to R4 
The frame- relay connection to R2 
The frame- relay connection to R3 


1.1.1.1 .8 
10.1.14.1 ,'24 
10.1.12.1 /24 
10.1.13.1 24 


R2 


LoO 

The frame-rela*. connect ion to Rl 


2.12.2 .'8 
10.1.12.2/24 


R3 


LoO 

The frame- relay connection to Rl 


~l 1 1 t ,o 

1 0.1. 13.3.24 


R4 


LoO 

The frame- relay connection to Rl 
The frame- relay connection to R5 
The frame- relay connection to R6 


4.4.4.4 .'8 
10.1. 14.4 24 
1 0.1. 45.4/24 

10.1.46.4 '24 


R5 


LoO 

The frame- relay connection to Rl 


5 * % 5 .'8 
10.1.45.5 24 


R6 


LoO 

The frame- relay connection to Rl 


6.6.6.6 8 
10.1.46.6 '24 



Lab Setup: 



> Configure Rl with three point-to-point frame-relay connections: these point- 
to-point connections should connect Rl to R2. R3 and R4. 

'r Configure R2 and R3 with a single point-to-point connection to Rl . 

> R4 should be configured with three point-to-point frame-relay connections; 
these point-to-point connections should connect R4 to R5. R6 and Rl . 

> Configure R5 and R6 with a single point-to-point connection to R4. 

> Rl should be configured as the route reflector tor routers R2 and R3. whereas 
R4 should be configured to be the routc-rcflcctor for routers R5 and R6. 

> Rl and R4 should be configured to have an 1BGP peer session between 
them: these two routers should be configured in BGP AS 100. 

> XLR1 for the links should be provided through RlPv2. 



On All Routers 
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(config)#routcr rip 




(config-rautcr)#no an 




(config-rautcr)#vcr 2 




i;coniig-routcr)#nct\v 10.0. 0. 




On Rl 




R 1 (c o n fig-ro li tcr )#m Lit cr bgp 1 




R 1 (c o n fig-ro u t cr) £ no au 




R 1 (c o n fig-ro u tcr)#no syn 




Rl (config-routcr.^nctw 1.0. 0.0 




RI(config-rautcr)#ricighbor 10.1.12.2 remotc-as 100 




Rl (con fig -rout cr)#ncighbor 10.1.13.3 remote- as 100 




Rl(config-routcr)#ncighbor 10.1.14.4 rcmotc-as 100 




Rl (con fig -routcr)# neighbor 10.1. 12.2 rautc-rcf.cctor-c!icnt 




R 1 (config-routcr)T#ncighbor 1 0. 1 . 13.3 routc-rcflcctor-clicnt 




On R2 




R2(config)#ro Liter bgp 100 




R2(config-routcr)r'no aLi 




R2(config-routcr)#no syn 




R2 (c o n fig-ro u tcr)#nct wo r k 2. . . 




R2 (c o n fig-ro li tcr) "neighbo r 10.1.12.1 rcmo t c- as 1 




On R3 




R3(config)#routcrbgp 100 




R3 (con fig-ro utcrj^no au 




R3 (con fig-ro li tcr )#no syn 




R3(config-routcr)r*nct\vork 3. 0.0.0 




R 3 (con fig-ro Litcr)#ncighbor 10.1.13.1 rcmotc-as 100 




To verify the coni'&uratiun: 




On R3 




R3#Sho\v ip bnp 




BGP tabic version is 4. local router ID is 3.3.3.3 




Status codes: s suppressed, d damped, h history, * valid, > best, i 


■ internal, 
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r RIB -failure, S St a 


X 






Origin codes: i - 1GP. c - EG P. ? - incomplete 




Network Next Hop 


Metric LocPrf Weight Path 


*>il .0.0.0 10.1.13.1 




100 


Oi 


*>i2.0.0.0 10.1.112 




100 


Oi 


*> 3.0.0.0 0.0.0 .0 




32768 i 


On R4 








R4(config)#routcrbgp 100 








R4 (con fig-ro u t cr )# no au 








R4 (c o n fig-ro u t cr)# no syn 








R4 fc o n fig-ro u t cr )ft net wo r k 4. . . 






R4 ( c o n fig-ro u tcr)# ncig hb o r 


10.1.14.1 


remote- as 100 




R4 ( c o n fig-ro u t cr ) ft nci g hb o r 


10.1.45.5 


remote- as 100 




R4 (con fig-ro utcr)#ncighb or 


10.1.46.6 


remote- as 100 




R4 (c o n fig-ro u t cr) # ncig hb o r 


10.1.45.5 


routc-rcflcctor- 


client 


R4 (c o n fig-ro u tcr)#ncighbo r 


10.1.46.6 


ro u t c- rtsfle C t o r-c li en t 


On \15 








R5(config)#RoLitcrbgp 100 








R5 (c o n fig-ro u tcr)#No au 








R5(config-routcr)#No syn 








R 5 (c o n fig-ro u t cr ) #N ct wo rk 


5.0.0.0 






R5 (c o n fig-ro u t cr)#Nc igh bo r 


10.1.45.4 


remote- as 100 




On R6 








R6(config)#Routcr bgp 100 








R6 (c o n fig-ro u t cr) # No au 








R6(L'onfig-routcr)#No syn 








R6i;config-roLitcr)r*Network 6. 0.0.0 






R6 (c o n fig-ro u tcr)#Nc igh bo r 


10.1.46.4 


remote- as 100 




10 verify the confisf ura 


lion: 






On R6 








R6#Show ip bgp 








BGP tabic version is 7, loca 


router ID 


is 6.6.6.6 
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100 Oi 





100 i 





100 : 





100 





100 i 





32768 i 



Status codes: s suppressed, d damped, h history. * valid, > best, i - internal, 

r R] B - tail tire, S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 

*>il. 0.0.0 10.1.14.1 

*>i2 .0.0.0 10.1.12.2 

*>i3 .0.0.0 10.1.13.3 

*>M. 0.0.0 10.1.46.4 

*>i5. 0.0.0 10.1.45.5 

*> 6.0.0.0 0.0.0.0 

On K3 

R3ftShow ip route 

Codes: C - connected, S - static, R - RIP, \\ - mobile, B - BOP 

D - E1GRP, EX - E 1GRP external, O - OSPF, 1 A - OSPF inter area 
XI - OSPF XSSA external type I , N2 - OSPF XSSA external type 2 
El - OSPF external type 1 , E2 - OSPF external type 2 
i - 1S-1S, su - 1S-1S summary, LI - 1S-1S lcvel-1, L2 - 1S-1S levcl-2 
ia - IS- IS inter area, * - candidate default, U - pcr-uscr static route 
o - ODR, P -periodic downloaded static route 

Gateway of last resort is not set 

B 1.0.0.0/8 1 200/01 via 10.1.13.1, 00:08:44 

B 2.0.0.0/8 1 200/01 via 10.1.12.2, 00:08:44 

C 3.0.0.0/8 is directly connected, LoopfoackO 

B 4.0.0.0/8 |200/01 via 10.1.14.4, 00:04:14 

B 5.0.0.0/8 |200/01 via 10.1.45.5, 00:02:57 

B 6.0.0.0/8 |200/01 via 10.1.46.6, 00:02:03 

IO.O.O.Q'24 is suhncttcd, 5 subnets 
R 1 0. 1.14.0 [120/1 J via 10. 1 . 13. 1, 00:00:07, ScrialO'0.31 

C 10. 1 .1 3.0 is directly connected, ScnalO/0.31 

R 1 0. 1 . 1 2.0 [ 120/1 J via 1 0. 1 . 13. 1 , 00:00:07, Serial 0/0. 31 

R 1 0. 1 .46.0 [120/2] via 10.1 . 13. 1, 00:00:08, SerialO.0.31 

R 1 0. 1 4 5. [ 120/2 J via 1 . 1 . 1 3 . 1 , 00 :00 :0 8 , ScrialQ-'0 . 3 1 

Note AS 100 has two route reflectors, each mute-reflector has it's own clients, when 
a given RR receives an update from one of it's clients, it advertises that prefix to the 
other RR/s, the other RR/s in turn advertise that prefix to their clients. 
There are some additional optional non-transitive attributes that can he used when 
RRs are configured and thev are: originator-id, cluster-id and cluster-list. 
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> Origin a tor- id: This attribute is created by the RR: this is the muter- id of the 
router that originated the prefix, It's created to avoid routing loops, a RR 
will NOT advertise a route back to the originator of the prefix and if the 
originator of a prefix receives an update with its own router-id, it will ignore 
that prefix. 

> Cluster and Cluster- id: A RR/s and its clients are collectively known as a 
cluster, each cluster must be uniquely identified, and the cluster-id is 
typically the router-id of the RR unless specifically configured. 

> Cluster-list: This attribute is analogous to AS -path attribute, and it keeps 
track of the cluster-ids in the same way that the AS-path attribute keeps 
track of the AS numbers. When the RR advertises a prefix to a non-client, it 
appends the cluster-id to that prefix's cluster-list, if a RR receives an update 
and sees its own cluster-id in the cluster-list, it will ignore that update. 

To see the attributes; 

On RI 



RlsShow-ipbgp 6.0.0.0 

BGP routing tabic entry for 6.0.0.0/8. version 21 

Paths: (1 available, best #1. tabic Default-] P- Routing- Table) 

Advertised to update-groups: 
2 

Local 
10.1.46.6 (metric 1) from 10.1.14.4 (4.4.4.4) 
Or.L'.n ICJP. metric 0, localprcf 100, valid, internal, best 
Originator: 6.o.n.n ; Cluster list: 4.4.4.4 

Note prefix 6.(1.0.(8 is the originator of the prefix and it came from 4.4.4.4 (The 
cluster- list). 

On R3 

R>Showipbgp 6.0.0.0 

BGP routing table entry for 6.0.0. 0/8, version 25 

Paths: (1 available, best #1, tabic Default-] P- Routing- Tabic) 
Not advertised to any peer 

Local 
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1 .0.1.46.6 (metric 2) from 10.1.13.1 (1.1.1.1) 
Origin 1C3P, metric 0, localprcf 100, valid, internal, best 
Originator: 6.6.6.6. Cluster list: 1,1.1.1,4.4.4.4 

Note this, prefix has gone through cluster- ids of 4.4.4.4 first and then it traversed 
through cluster- id 1.1.1.1 before it was received by the local router. 

Note the originator-id is the router-id of the router that originated that prefix, the 
output ol the following "Show" command reveals the router-id of the router that 
originated the mute. 

RfttSh ip bgp 



BGP tabic version is 7, local router ID is 6.6.6.6 
Status codes: s suppressed, d damped, h history. * valid, > best, 
r RIB -failure, S Stale 

Origin codes: i - 1GP. e - EGP, ? - incomplete 



- interna. 



Network 
*>il. 0.0.0 
*>i2.0.0.0 
*>i3 .0.0.0 
*>i4.0.0.0 
*>i5 .0.0.0 
*> 6.0.0.0 



Next Hop 

10.1.14.1 

10.1.12.2 

10.1.13.3 

I ft 1 .46.4 

10.1.45.5 

0.0.0.0 



ctric LocPrf Weight Path 



100 
100 
100 
100 

100 



Oi 
Oi 
Oi 
Oi 
Oi 







32"6Si 



Task 5 



Erase the startup con fig and reload the routers before proceeding to the next lab. 
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Lab 3 
Conditional Advertisement & BCP Backdoor 






EIGRP 100 

150.1.23^/24 




\ 



AS 100 



l.al> Setup: 



> Configure R! to have two point-to-point frame- relay connect ions, one eonncc ting 
Rl to R2, and the other connecting Rl to R3. 

> R2 and R3 should be configured with a single frame-relay point-to-point 
connection to Rl. 

> Con figure R2 a nd R3 ' s F 0/0 in tcriace to be i n V L A N 23 . 
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II* addt Lssinjj; 



Router 


Interface 


II* Ad drew 


AS number 


Rl 


LoO 


1.1.1.1 /8 


100 




SO/0.12 


10. 1.12.1 ,24 






SO 0.13 


10.1.13.1 04 




R2 


LoO 


2.2.2.2/8 


200 




I.o 1 


150.1.2.2 /24 






SO/0.21 


10. 1.1 2. 2 '24 






FO.'O 


150.1.23.2 '24 




R3 


LoO 


3.3.3.3/8 


300 




Lol 


150.1.3.3/24 






SO 0.31 


10. 1.13.3 24 






FO 


150.1.23.3/24 





I ask I 

Configure EBGP peer sessions as follows: 

> Rl to have an EBGP peer session to R2 and R3 

> R2 and R3 to have an EBGP peer session to Rl 



On Rl 












Rlfconfig)#ro Liter bgp 100 
Rl feonfig-routcr)r*no auto 
R 1 ( eonf]g-routcr)#ricighbor 
R 1 ( e o n fig-r o u t cr) # neig hb o r 


10.1. 
10.1. 


12.2 
13.3 


remote- 
remote- 


as 
as 


200 
300 


On R2 












R2(config)#routcrbgp 200 
R2(config-routcr)r ! no au 
R2 ( c o n fig-r o u t cr ) S ne: g lib o r 


10.1. 


12.1 


remote- 


as 


100 


On K3 












R3fconfig-it>roLitcr bgp 300 

R3(config-routcr)#no au 

R 3 (e o n fig-ro u ter)#ncighbo r 10.1. 


13.1 


remote- 


as 


100 


I o verify the configura 


tion 


« 
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On kl 

Rl^Show ip bap summary 

BGP router identifier 1 . 1 . 1 . 1, local AS number 100 
BGP table version is 1, main routing table version 1 

Neighbor V AS MsgRcvd MsgScnt TbIVcr InQ OutQ L'p/Down State PixRcd 
10.1.122 4 200 3 3 10 00:00:56 

10.1.13.3 4 300 4 4 10 00:00:20 



task 2 

Configure Rl , R2 and R3 to advertise their loopbackO interface in BGP. 



On kl 

R 1 (c o n fig-rd u t cr)# ro ut cr bgp 100 
Rl (config-routcr)r*nctwork 1.0.0.0 

On K2 

R2 (c o n fig-ro u ter)# ro ut er bgp 20 

R2(config-routcr)r*nctwork 2.0.0.0 

On R3 

R3(config)nroutcrbgp 300 

R 3 (c o n fig-ro u t cr)r*nctwo r k 3.0.0.0 

To verify the configuration: 

On K3 

R3^Sho\v ip bgp 

BGP tabic version is 4, local router ID is 150. 1 .3.3 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

rRlB-iailurc, S Stale 
Origin codes: i - 1GP, c - EGP, '- 1 - incomplete 
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Network 


Next Hop 


Metric LocPrf Weight Path 


*> 1.0.0.0 


10.1.13.1 


100 i 


*> 2.0.0.0 


10.1.13.1 


100 200 i 


*> 3.0.0.0 


0.0.0.0 


?2~oS- 



Task 3 

Configure RlPv2 and Eigrp 100 on the routers as follows: 

> Configure RlPv2 on all routers to advertise network 10.0.0.0. these routers should 
have their auto summarization disabled. 

> R2 and R3 should also advertise their loopbackl and F0 interface in Eigrp 
AS* 1 00. 



On R2 and R3 

(config^routcr eigrp 100 

i conf.g -router)- no liu 

( config-routcr')#nctw 150.1 .0.0 

On All Routers: 

( co nil g)* Router Rip 
(config)#Vcr 2 
(config-routcr)#No au 
( config-router^N'ctwork 1 0. 0. 0.0 



Task 4 

If the link between R2 and R3 (The F0.O interface) goes down, Loopbackl network of 
these two routers won't have connectivity even though there is a redundant link between 
these two routers, therefore, the administrator of R2 and R3 decided to advertise their 
Loopback I interface in BGP for redundancy, configure these routers to accommodate 
this decision. 
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On R2 

R2(config -router)** rout cr bgp 200 

R 2 ( c o n fig-ro u tcr)** net wo rk 150.1 .2.0 mask 25 5255 2 5 5 .0 

On R3 

R3 (c n fig)* ro ut cr bgp 300 

R 3 (con fig-ro Liter)** network 150.1.3.0 mask 255.255.255.0 

To verify the configuration: 

On R2 

R2**Show ip route 

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP 

D - E1GRP, EX -E1GRP external O - OSPF, 1A - OSPF inter area 
XI - OSPF NSSA external type I , N2 - OSPF NSSA external type : 
El - OSPF external type 1, E2 ■ OSPF external t>pc2 
i - 1S-1S, su - 1S-1S summary, LI - 1S-1S lcvcl-1, L2 - 1S-IS lcvcl-2 
ia - IS-1S inter area. * - candidate default, L" - pcr-uscr static route 
o - ODR, P -periodic downloaded static route 

C3 ate way of last resort is not set 

B 1 .0.0.O/8 [20/0 J via 10. 1. 12.1 s 00:18:54 

C 2.0.0. 0'8 is directly connected, LoopbackO 
B 3.0.0.0/8 [20/0 J via 1 0. 1 . 1 2. 1 , 00: 1 8:54 

1 .0 .0 .024 i s su bn fitted, 2 sub nets 
R 1 0. 1 . 1 3 . [ 1 20/ 1 J v ia 1 . 1 . 1 2 . 1 , 00: 00:01, ScrialO/0 .2 1 
C 1 0. 1 . 12.0 is d ircctly connected, Scrial0/021 

150. 1 .0.0/24 is sub netted, 3 subnets 
C 1 50. 1 .23.0 is directly connected, FastEthcrnctO/0 
B 15(1. 1.3.0| 20/01 via 10.1.12.1, 00:13:21 
C 1 50. 1 2.0 is d ircctly connected, Loopback 1 

On R3 

R3**Show ip route 

Codes: C - connected, S - static, R- RIP, M - mobile, B - BGP 

D - E1GRP, EX -E1GRP external. O - OSPF. LA - OSPF inter area 
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XI - OSPF XSSA external type I s X2 - 05 PF XSSA external type 2 
El - OSPF external type I . E2 - OSPF external type 2 
i - IS-1S, su - IS-1S summary, LI - 1S-1S level- 1, L2 - IS-1S levcl-2 
ia - 1S-1S inter area, * - candidate default, L" - per- user static route 
o - ODR, P - periodic downloaded static route 

Gateway of last resort is not set 

B I .O.O.fl'S [20/0 J via 10. 1.13 J, 00:20:24 

B 2.0.0. QfB [20/0 J via 1 . 1 . 1 3 . I , 00 : 2 : 5 5 
C 3.0.0. 0/8 i s d i rcc t ly co n n cc t cd , Loo p b ac kO 

1 0.0.0. 0'24 issubnetted, 2 subnets 
C 10.1.13.0 is directly connected, ScrialO/0.31 
R 1 0. 1 . 1 2.0 [ 120/1 J via 1 0. 1 . 1 3.1 , 00:00:20, Scrial0'0.31 

150. 1 .0.0/24 is subncttctL 3 subnets 
C 1 50. 1 .23.0 is directly connected, FastEthcrnctO/0 
C 1 50. 1 .3.0 is directly connected, Loopback I 
B I50.I2.fl [20/01 via 10.1.13.1,00:15:22 



TaskS 

After implementing the previous task, the administrators realized that the traffic between 
networks 150.1.2.0 .'24 and 150.1 .3.0 .'24 is taking a sub-optimal path; it is not using the 
direct path between routers R2 and R3. 

Implement a BGP solution to fix this problem; you should XOT use the distance or any 
global contig mode command to accomplish this task. 



On K2 

R2iconfig)#ro titer bgp 200 

R2(config-routcr)r*netnork 150.1.3.0 mask 255.255.255.0 backdoor 

On R3 

R3(config)#routcrbgp 300 

R3i;config-routcr)#netwoi-k 150.1.2.(1 mask 255.255.255.0 buekdoor 

To verify the configuration: 

On R2 
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R_r*Sho\v ip route 

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP 

D - EIGRP, EX - EIGRP external, - OSPF, I A - OSPF inter area 
XI - OSPF NSSA external type 1 , X2 - OSPF XSSA external type 2 
El - OSPF external type 1, E2 - OSPF external type 2 
i - IS-IS, su - 1S-1S summary, LI - IS-IS lcvcl-1, L2 - IS-IS lcvcl-2 
ia - IS-IS inter area, * - candidate default, L" - pcr-uscr static route 
o - ODR, P - period ic downloaded static route 

Gateway of last resort is not set 

B 1 .0.0.QV8 [20/0] via 10. 1. 12.1 , 00:27:57 
C 2.0.0.0/8 is directly connected, LoopbackO 
B 3.0.0. 0/8 [20/0 J via 1 0. 1 . 1 2. 1 , 00:27:57 

1 0.0.0. Q'24 is subnet ted, 2 subnets 
R 1 0. 1 . 1 3 .0 [ 120/ 1 J via 1 . 1 . 1 2 . 1 , 00: 0:14, Scrial0/0 .2 1 
C 10. 1 .12.0 is directly connected, ScrialO'0. 21 

150. 1 .0.0/24 is subnetted, 3 subnets 
C 1 50. 1 .23.0 is directly connected, FastEthcrnctO/0 
D 150.1.3.0 190/156160] via 150.1.23.3, 00:01:19, FastElliernetO.'O 
C 150. 1.2.0 is directly connected, Loopbackl 

On R3 

R3#Show ip route 

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP 

D - EIGRP, EX -EIGRP external, O - OSPF, LA - OSPF inter area 
XI - OSPF NSSA external type 1 , X2 - OSPF XSSA external type 2 
El - OSPF external type 1, E2 - OSPF external type 2 
i - IS-IS, su - IS-IS summary, LI - IS-IS lcvcl-1, L2 - IS-IS lcvcl-2 
ia - IS-IS inter area, * - candidate default, U - pcr-uscr static route 
o - ODR, P -periodic downloaded static route 

Gateway of last resort is not set 

B 1 .0.0.0/8 [20/0 J via 10.1. 1 3.1 , 00:28:07 
B 2.0.0. 0/8 [20/0 J via 1 0. 1 . 1 3.1 , 00:28:38 
C 3.0.0.0/8 is directly connected, LoopbackO 

1 0.0.0. 0/24 is subletted, 2 subnets 
C 1 0. 1 . 1 3.0 is d ircctly connected, ScrialO/0. 31 
R 1 0. 1 .12.0 [120/1 J via 10. 1 . 1 3.1 , 00:00: 14, ScrialO/0.31 

150. 1.0.0/24 is sub net ted. 3 subnets 
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C 1 50. 1 .23.0 is directly connected, FastEthcrnctO/0 

C 1 50. 1 .3.0 is directly connected. Loopback 1 

D 150.1.2.0 |90/1561601 via 150.1.23.2, 00:01:11, Fast Ethernet 0/0 

Note 112 and R3 were receiving routing information for networks 150.1.2.0/24 and 
150.13.0 .'24 fnim two different sources, BGP and Eigrp. 

R2 and R3 were using the muting information from BCrP because it had a lower 
administrative distance (20 versus 90). 

The "Network backdoor" command is a BCrP solution to this problem: the BCrP 
"backdoor"' option assigns an administrative distance of 200 to networks 150.1.2.0 
.'24 and 150.13.0 .14, therefore, making the Eigrp more believable. 

Enter the following commands to actually see the changed administratis e distance: 

On R2 and K3 

(config)#NO router eigrp 100 

On R2 

R2"Sh ip route 

Codes: C - connected, S - static, R - RIP, M - mobile, B - BOP 

D - EIGRP, EX -EIGRP external, - OSPF, LA - OSPF inter area 
Nl - OSPF NSSA external type I, N2 - OSPF NSSA external type 2 
El - OSPF external t>pc 1, E2 - OSPF external type 2 
i - 1S-1S, su - IS-IS summary, LI - 1S-IS levcl-l ? 'L2 - 1S-IS rCvcl-2 
ia - IS- IS inter area, * - candidate default, L* - per- user static route 
o - ODR, P - periodic downloaded static route 

Gateway of last resort is not set 

B 1 .0.0.0/8 [20/0 J via 1 0. 1.12.1, 00:36:39 
C 2.0.0.0/8 is directly connected, LoopbackO 
B 3.0.0.Q''8 [20/0 J via 10.1.12.1, 00:36:39 

10.0.0.0/24 issubnetted, 2 subnets 
R 10. 1.13.0 [120/1] via 10.1.12.1, 00:00:1 1, ScriaIO/0.21 
C 1 0. 1 . 1 2.0 is d ircctly connected, ScrialO/0.21 

150.1.0.0/24 is sub netted, 3 subnets 
C 1 50. 1 .23.0 is directly connected, FastEthcrnctO/0 
B 150.1.3.0 1200/01 via 10.1.12.1,00:00:13 
C 1 50. 1 2.0 is directly connected, Loopback 1 
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On K3 

R3#Show ip route 

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP 

D - E1GRP, EX -E1GRP external, - OSPF, 1A - OSPF inter area 
M - OSPF XSSA external type I , N2 - OSPF XSSA external type 2 
El - OSPF external t>pc 1, E2 - OSPF external type 2 
i - IS-IS, su - IS-1S summary, L I - 1S-1S Icvc1-1,'l2 - 1S-]S lcvcl-2 
ia - IS-IS inter area, * - candidate default, L" - pcr-uscr static route 
o - ODR, P - periodic downloaded static route 

C3 ate way of last resort is not set 

B I .O.O.O'S [20/0 J via 1 0. 1 . 1 3. 1 , 00:39:19 
B 2.0.0. 0/8 [20/0 J via 1 0. 1 . 1 3.1 , 00:39:50 
C 3.0.0. 0/8 i s d i roc t ly co n ncc t cd , Loo p bac kO 

10.0.0.0/24 is subnetted, 2 subnets 
C 1 0. 1 . 13.0 is d ircctly connected, ScrialO 0. 31 
R 1 0. 1 . 1 2.0 [ 120/1 J via 1 0. 1.13.!, 00:00: 1 9, ScrialO^ 0.31 

150. 1. 0.024 is subnetted, 3 subnets 
C 1 50. 1 .23.0 is directly connected, FastEthcrnctO/0 
C 1 50. 1 .3.0 is d ircctly connected, Loopback 1 
B 150.1.2.0 1200/01 via 10.1. 13.1, 00:02:57 



Task 6 

Remove the IP address from the F0/0 interlace of R2 and R3 and ensure that the FO'O 
interface of both routers is in administratively down state. You should also remove the 
Loopbackl interface from these two routers. 



On \U and K3 

(conlig)#]ntcriacc FO/0 
(config)#NO ip address 
( co niig)r*S h ut do w n 

foomfig)#NO bit lol 
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Task 7 

Configure Rl as follows: 

If network 2.0.0.0 is up and it's advertised to Rl.RI should take the following actions: 

> R 1 should NOT advertise it's network 1.0. 0. 8 to R3. 

> Rl should ONLY advertise network 2.0.0.0 1% to R3 

However, if network 2.0.0.0 8 is down, then Ri should take the following actions: 

> R 1 should advertise network 1 .0.0.0 8 to R3. 

> Rl should remove network 2.0.0.0 8 from it's BGP table. 



Before configuring this task you should verify the current BGP table of these routers: 

Rl#Shjpjw ip bgp 

BGP table version is 7, local router ID is 1.1.1.1 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

r RIB -failures Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 

*> 1.0.0.0 0.0.0.0 32768 i 

*> 2.0.0.0 10.1.12.2 200 i 

*> 3.0.0.0 10.1.13.3 300 i 

R2r*Show ip bgp 

BGP tabic version is 7, local router ID is 222.2 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

r RIB -failure, S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 

Network N'cxtHop Metric LocPrf Weight Path 

*> 1.0.0.0 10.1.12.1 100 i 

*> 2.0.0.0 0.0.0.0 32768 i 

*> 3.0.0.0 10.1.12.1 100 300 i 

R3#Show ip bgp 

BGP table version is 7, local router ID is 3.3.3.3 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
r RIB -failure, S Stale 



CCIE R&«* by NarWk Kuchariaiis Advanced CCIE R&S Work Book 2.0 Page 6??t>flQ68 

C 2009 NarbikKochariaiu. All riflhU rcirrvwl 



Origin codes: i - 1GP. e - EGP, ? - incomplete 

Network Next Hop Metric LocPri* Weight Path 

*> 1.0.0.0 10.1.13.1 lOOi 

*> 2.0.0.0 10.1.13.1 100 200 i 

*> 3.0.0.0 0.0.0.0 32768 i 

To conditionally advertise selected routes \ve can use the following commands: 

'r Advertise-map 

> Non-exist-map 
'r r-xist-map 

This situation calls lor the use of the "advertise-map '" and non-exist-map 1 " as follows: 
On Rl 

Rl(config)#acccss-list I permit 1.0.0.0 0.255.255255 
Rli;config)#acccss-list 2 permit 2.0.0.0 0255.255.255 

Rl (config)#routc-map ADV permit 10 

R 1 fc o n fig-ro u t c- map ) * mat C h ip ad d r I 
R 1 (config-rou tc-map Jrrcxit 

Rl(config)#routc-map .Not!' here permit 10 

Rl(config-routc-map)frmatch ip addr 2 
R I (c o n fig-ro u t c- map )#cx it 

To prevent confusion you should select meaningful names for the mute-maps. Note the 
access-list numbers and the names of the route-map. 

R I (config^ro Liter bgp 100 

Rl(eonfig-routcr)#neighbor 10.1.13.3 advertise-map AUV non-exist-map Nut There 

The neighbor command has the following route-maps: 

> The advertise-map — Specifies the name of the route-map that will be 
advertised if the condition of the non-exist-map is met. 

> Non-exist-map — specifies the name of the mute-map that will be compared to 

the ad\ertise-map. If the condition is met and no match occurs, the route will 
be advertised. If a match occurs, then the condition is NOT met, and the route 
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is withdrawn. 

Note if network 2.0.0.0 is up, then network 1 .0.0.0 should NOT be advertised to R3, 
since all the networks are up and advertised, Rl should withdraw it's network (1. 0.0.0 

On Rl 



Rl^Show ip bgp 

BGP tabic version is 7. local router ID is 1 . 1 . 1 . I 

Status codes: s sup pressed, d damped, h history, * valid, > best, i - internal, 

r RIB -failure, S Stale 
Origin codes: i - 1GP, e - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 

*> 1.0.0.0 0.0.0.0 32768 i 

*> 2.0.0.0 10.1.12.2 200 i 

*> 3.0.0.0 10.1.13.3 300 i 

Note Rl does NOT advertise it's network (1. 0.0.0 /8) to R3: 

R l^Show ip bgp neighbors 1 0. 1 . 1 3.3 advertiscd-routes 

BGP tabic version is 7, local router ID is I . I . I . I 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

rRlB-failurc, S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 

*> 2.0.0.0 10.1.12.2 200 i 

Note the output of the following command reveals that the bgp table of R3 does not 
have network 1.0.0.0/8: 

On K3 

R3*Sho\v ip bgp 

BGP tabic version is 34, local router ID is 3.3.3.3 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

r RIB -failure, S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 
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Network Next Hop Metric LocPrf Weight Path 

*> 2.0.0.0 10. 1. 13. 1 100 200 i 

*> 3.0.0.0 0.0.0.0 32768 i 

I u test the condition: 

On R2 

R2iconfig)#int loO 
R2(L'orifig.if)#ShLil 

The output of the following "Show'" command reveals that network 2.0.0.0 is DOWN 

therefore, Rl should advertise its network (1.0.0.0 /8) to R3. It may take few seconds 
for this policy to get implemented: 

On Rl 



RlrrShow ip bgp neighbors 10.1.13.3 advertised -routes 

BGP tabic version is 7, local router ID is I . I . I . I 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

r RIB -failure, S Stale 
Origin codes: i ■ IGP, c ■ EGP, ? ■ incomplete 

Network Next Hop Metric LocPrf Weight Path 

*> 1.0.0.0 0.0.0.0 32768 i 

Note network 1.0.0.0 is advertised to R3. 



I ask 8 

Remove the configuration commands entered in Task 7 before you proceed to the next 
task. Ensure that the routers have the advertised networks in their BGP tabic. 



On Rl 

R 1 f co nfig)#NO access- list 1 
Rli;config)#NO access-list 2 

Rli;config)*NO route-map ADV 
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Rl(contig)#NO route-map Not There 

Rl(eonfig)#router bgp 100 

Rli L'onlig-routerJSNi I neighbdn 10. 1. 13, 3 advertise-map A D V n&ij-cxist-map N'ot There 

Rl#Clcaripbgp * 

On R2 

R2(contig)#int loO 
R2(config-ii)#N» shut 

On Rl 



Rl#Stow jp bgp 

BGP tabic vcrsio n is 4. local router ID is 1 . 1 . 1 . 1 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal. 

r RlB-failurc, S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 

*> 1.0.0.G 0.0.0.0 32768 i 

*> 2.0.0.0 10.1.12.2 200 i 

*> 3.0.0.0 10.1.13.3 300 i 

On R2 

R2r*Shmv jp bgp 

BGP table version is 18 s local router ID is 150.122 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

r RIB -failure, S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 

*> 1.0.0.0 10.1.121 100 i 

*> 2.0.0.0 0.0.0.0 32768 i 

*> 3.0.0.0 10.1.12. 1 100 300 i 

On R3 

R 3" Show ip bgp 
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BGP tabic version is 19, local router ID is 3.3.3.3 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

r RIB-failurc, S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 
*> 1.0.0.0 10.1.13.1 100 i 
*> 2.0.0.0 10.1.13.1 0100 200 i 
*> 3.0.0.0 0.0.0.0 32768 i 








Task 9 

Rl should be con figured according to the following policy': 

£• If both networks (1.0.0.0 8 and 2.0.0.0 .8) arc up, then both networks should be 
advertised to R3. 

> If network 1.0.0.0 1% is down, Rl should NOT advertise network 2.0.0.0 8 to R3. 

> If network 2. 0. 0.0 t% is down, then Rl should only advertise network 1 . 0. 0. /8 to 
R3. 








On Rl 

Rll'config)#access-list 1 permit 1.0.0.0 0.?55.?55 ?55 

Rl(config)#acccss-list 2 permit 2.0.0.0 0.255.255.255 

Rl(config)# route- map ADV permit 10 
Rl(config-routc-map)^match ip addr 2 
R I (c o n fig -ro u t c- map )#ex it 

Rl(config)rrro Lite- map EXIST permit 10 
Rl (config-routc-map)#match ip addr 1 
R! i'config-routc-map)#cxit 

R 1 (c o n fig^ro u t cr bgp 100 

Rlfconfig-routcrtTrneiyhhor 10.1.13.3 advertise-map ADV exist-map EXIST 

To test the first condition: 
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On Kl 

Rl^Show ip bgp 

BGP tabic version is 4, local router ID is 1 . 1 . 1 . 1 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

r RJB -failure, S Stale 
Origin codes: i - 1GP, e - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 

*> 1 .0.0.0 0.0.0.0 32768 i 

*> 2.0.0.0 10.1.122 200 i 

*> 3.0.0.0 10.1.13.3 300 i 

On R2 

R2#Show ip bgp 

BGP table version is 18, local router ID is 150.1.22 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

rRlB-failurc, S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 

*> 1.0.0.0 10.1.12.1 € 100 i 

*> 2.0.0.0 0.0.0.0 32768 i 

*> 3.0.0.0 10.1.12.1 € 100 300 i 

On R3 

R3"Show ip bgp 

BGP table version is 19, local router ID is 3.3.3.3 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

rRlB-failurc, S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 

*> 1.0.0.0 10.1.13.1 € 100 i 

*> 2.0.0.0 10.1.13.1 1 00 200 i 

*> 3.0.0.0 0.0.0.0 32768 i 

To test the second condition: 
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On Kl 

Rl(eonfig)#Int bO 
R 1 (c o n fig- ii> Shut 

To test and verify the configuration: 

On Rl 

R l#Show ip bgp neighbors 10.1.13.3 advertised -routes 
Total number of prefixes 

On K3 

R3f*Sh ip bgp 

BGP table version is 12, local router ID is 3.3.3.3 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

rRlB-iailurc, S Stale 
Origin codes: i - IGP, c - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 

*> 3.0.0.0 0.0.0.0 32768 i 

Note if network 1.(1.(1.(1 is down none of the networks are advertised to R3. 

To Im'Jitj up the I.ooplmck inlfrfai'L 1 of Rl: 

On kl 

Rl(config)#Int loO 
R 1 (c o n fig- if )#No S h ut 

To verify the configuration: 

On R3 

R3*Sh ip bgp 

BGP table version is 14, local router ID is 3.3.3.3 

Status codes: s suppressed, d damped, h history, * valid, > best, i ■ internal, 
r RIB -failures Stale 
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Origin codes: i - 1GP, c - EGP, ? - incomplete 



Network 




Next Hop \: 


*> 1.0. 0.0 




1 0. 1 . 1 3. 1 


*> 2.0.0.0 




10.1.13.1 


*> 3.0.0.0 




0.0.0.0 


'I'll tL'St the 


th 


ird condition: 


On R2 







100 i 
100 200 
32768 i 



R2iconfig)#int loO 
R2(config-il>Shut 

On Rl 



Rl^Show ip bgp neighbors 10.1.13.3 advertiscd-routes 

BGP table version is 6, local router ID is 10. 1 .13.1 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

rRlB-iailurc, S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 

*> 1.0.0.0 0.0.0.0 32768 i 

Total number of prefixes 1 

On R3 

R3#Shgw ip bgp 

BGP table version is 17, local router ID is 3.3.3.3 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

rRlB-iailurc, S Stale 
Origin codes: i - 1GP, e - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 

*> 1.0.0.0 10.1.13.1 100 i 

*> 3.0.0.0 0.0.0.0 32768 i 
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Task 10 

Erase the startup COnfig and reload the routers before proceeding to the next lab. 
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Lab 4 

Route Dampening 



AS 100 



AS2QQ 



\ 



LoO 




FQVO 



AS 400 




10.123 JO i24 

AS3Q0 ~~ ^ 



FQ.'O 



\ 
/ 



• 



\ 






/ 



1 Ol 1.45.0 /24 




N 



\ 

I 



V 



AS 5 00 



• 
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Lal> Set up: 

> Configure the frame-relay connections between the routers in a point-to-point 

manner. 

> Configure R2 and R3 ! s FO'O interlace in VLAN 23. 

> Configure R4 and R5' s FO'O interlace in VL AN 45. 

>• The IP address assignment of the routers should be based on the lb Ho wing IP 
addressing chart: 



Ip mi dressing; 



Router 


Interface 


IP Address 


AS number 


Rl 


LoO 


1.1.1.1 8 


100 




SO/0. 12 


10.1.12.1 24 




R2 


LoO 


1 <1 ■) "1 i'O 

-1 O 


200 




SO 0.21 


10.1.12.2 24 






F0 


10.1232 ^4 




R3 


LoO 


T T T T iO 

3.3.5.5 .0 


300 




SO: 0.34 


10.1.34.3/24 






F0 


10.1.23.3/24 




R4 


LoO 


4.4.4.4 /8 


400 




Lol 


40.4.4.4 /24 






Lo2 


44.4.4.4 .'24 






SO/0.43 


10.1.34.4 24 






F0 f) 


10.1.45.4 24 




R5 


LoO 


5.5.5.5 8 


500 




F0 


10.1.45.5 24 





Task 1 

Configure an EBGP peer session between RI and R2 and only advertise their LoopbackO 
interface in BGP. Ensure that these routers have XLR1 to each others advertised prefix. 
Rl should be in AS 100 and R2 should be in AS 200. 



On RI 



R 1 fc o n fig )" router bgp 100 
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RI(config-routcr)rmo au 

Rl{eom%-roiiter)#rcighbor 10.1.12.2 rcmotc-as 200 
Rl (config-routcr)#nct\vork 1 .0.0.0 

On R2 

R2(config)#ra Liter bgp 200 
R2(config-routcr)r*nct\vork 2.0.0.0 
R2i;config-routcr)#ncighbor 10.1.12.1 rcmotc-as 100 
R2(config-routcr)#rio au 

To verify the configuration: 

Rl~Sho\v ip bgp 

BC5P tabic version is 3, local router ID is 1 . 1 . 1 . I 

Status codes: s suppressed, d damped, h history. * valid, > best, i - internal, 

r RIB -fai lure, S Stale 
Origin codes: i - 1GP, c - EGP. '- 1 - incomplete 

Network Next Hop Metric LocPrf Weight Path 
*> 1.0.0.0 0.0.0.0 32768 i 
*> 2.0.0.0 10.1.12.2 200 i 






Task 2 

Configure route dampening on Rl using the dcfau'jt parameters. 








On Rl 

R 1 (c o n fig-ro u ter)# ro ut cr bgp 1 
Rl (confag-routcr^bgp dampening 

The parameters of BGP dampening are as follows: 

r Half-lime — Onte a route has been assigned a penalty, the accumulated penalty 
is decreased every 5 seconds such that when the half pe nod expires, the 
accumulated penalty is reduced by half. The default value of half-time is 15 
minutes and the range is 1 to 45 minutes. 

> Reuse - If the penalties for a Happing route is decreased enough to fall below 
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this value, the route is reusable. The default is 750 and the range is 1 to 200(H). 

> Su ppress — Once the accumulated penalties reach this value, the mute is 
suppressed. The default value is 2000 and the range is 1 -20000. 

P Max- Sup press- Time — The maximum time in minutes that a mute can be 
suppressed. The default value is 4 times the half-time value (60 minutes) and 
the range is 1 to 255. 

Therefore this configuration performs the following: 

Half-time = 15 minutes, reuse = 750, Suppress = 2000 and Ma\-Suppress-Time = 60. 

To sec the parameters for dampen in tr: 
On kl 

Rl**Sh ip bszp dampening parameters 

dampening 15 750 2000 60 (DEFAULT) 

Half- life time : 15 mins Decay Time : 2320 sees 

Max suppress penalty: 12000 Max suppress time: 60 mins 

Suppress penalty : 2000 Reuse penalty : 750 

If network 2.0.0.0 is shutdown and then brought backup few times, the flap-statistics 
can be viewed in the "Show ip bgp dampening flap - st a ti sties'* command. 



Task 3 

Configure an EBGP peer session between R2 and R3. and advertise their LoopbackO 
interface in BGP. Ensure that these routers have NLR1 to each others Loopback interface. 
R3 should be configured in AS 300. 



On \U 

R2(config)#routcrbgp 200 
R2(config-routcr)#ncighbor 10.1.23.3 rcmotc-as 300 

On k3 

R3(config)#ruutcrbgp 300 
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R3(config-routcr)r*no au 
R3(config-routcr)f*nctwork 3. 0.0.0 
R3(config-routcr)#ncighbor 10.1.23.2 rcmotc-as 200 

I o verify the configuration: 

On \U 

R3r ! Sho\v ip bgp 

BGP tabic version is 4, local router ID is 3.3.3.3 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

r RIB - failure, S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 

Network Next Hop Metric LocPrt* Weight Path 
*> 1.0.0.0 I0.1J23.2 2001 .00 i 
*> 2.0.0.0 10.1.23.2 200 i 
*> 3.0.0.0 0.0.0.0 32768 i 






Task 4 

Configure route dampening on R3 such that the halt- life parameter is set to 30 minutes. 
This router should use the default parameters far supprcss-limit, reuse, and maximum 
suppress time. 






On R3 

R3iconfig-routcr)#bgp dampening 30 7511 2000 60 
To verify the configuration: 

On R3 

R3^Sh ip bgp dampening parameters 

dampening 30 750 2000 6(1 

Half- lite time : 30 mins Decay Time : 1045 sees 
Max suppress penalty: 3000 Max suppress time 60 mins 
Suppress penalty : 2000 Reuse penalty : 750 
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Note you may get a "% dampening reconfiguration in progress for IPv4 Unieast'" 
message, if you do, you should uait few seconds and try again. 



TaskS 

Conligurc an EBGP session between lis and R4. Advertise LoopbaekO. Loopbackl and 
Loopback2 interface of R4 in BGP. Router R4 should be configured in AS 400. 



On K4 

R4 fc o n fig)#ro u t cr bgp 40 
R4 (c Q n fig-ro u tcr)£nct w 4 . 0. .0 

R4(config-routcr)#nctw 40.4.4.0 mask 255.255.255.0 
R4(config-routcr)#nctw 44.4.4.0 mask 255.255.255.0 
R4 (con fig-ro Litcr)rrncighbor 10.1.34.3 remote- as 300 
R4(config-router)#no au 

On R3 

R3 (c o n fig)#ro lit cr bgp 300 

R 3 (c o n fig-ro u tcr)#ncighbo r 1 . 1 . 34 . 4 rcmo tc- as 40 

To verify the configuration: 

On K4 

R4f*Show ip bgp 

BGP tabic version is 7 S local router ID is 44.4.4.4 

Status codes: s suppressed, d damped, h history. * valid, > best, i - internal, 

r RIB -failure, S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 



Network 


Next Hop 


Metric 


LocPrf 


Weight Path 


*> 1.0.0.0 


10.1.34.3 






300 200 100 


*> 2.0.0.0 


10.1.34.3 






300 200 i 


*> 3.0.0.0 


10.1.34.3 







300 i 


*> 4.0.0.0 


0.0.0.0 







32768 i 


*> 40. 4. 4.0,' 24 


0.0.0.0 







32768 i 


*> 44.4.4.0 24 


0.0.0.0 







32768 i 
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Task 6 

Con J: guru an EBGP peer session bctw cen R.4 and R5. R5 should a d\ cruse its Loophack 
interface in BGP. Ensure that these routers havcNLR] to each others Loopback interface. 
R5 should be configured in AS 500. 



On R5 






R5 (c o n figure u tcr bgp 50 
R5 ('con fig-router)?* no an 

R5(config-routcr)#ncighbor 10.1.45.4 remote- as 400 
R 5 (c o n fig-ro u ter)#nctw 5 . 0. . 






On R4 






R4(config)#routcrbgp 400 
R4(config-routcr)#ncighbor 10.1.45.5 remotc-as 500 






I o verify the configuration: 






R5#Show ip bap 






BGP tabic version is 8, local router ID is 5/5 5 *■ 
Status codes: s suppressed;, d damped, h history. * va 

r RIB -failure, S Stale 
Origin codes: i - 1GP, c - EG P. ? - incomplete 


id, > best, 


i - internal, 


Network Next Hop Metric LocPrf 
*> 1.0.0.0 10.1.45.4 
*> 2.0.0.0 10.1.45.4 
*> 3.0.0.0 10.1.45.4 
*> 4.0.0.0 10.1.45.4 
*> 5.0.0.0 0.0.0.0 
*> 40.4.4.0/24 10.1.45.4 
*> 44.4.4.0/24 10.1.45.4 


Weight 
" 

ill 


32768 




Path 

400 300 200 100 i 

400 300 200 i 

400 300 i 

400 i 

400 i 
400 i 



Task 7 

Configure route dampening on R4 as follows: 

> Network 40.4.4.0 24 should have the following dampening parameters applied: 
Max-Suppress- Time of90. Reuse 800, Suppress 2400 and a Half-Time of 20 
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£• Network 44.4.4.0 24 should have the following dampening parameters applied: 
Max- Sup press- Time of 60. Reuse "00. Suppress 2000 and a Half-Time of 15 



On K4 

R4(config)#acccss-list 4(1 permit 40.4.4.0 0.0.0.255 

R4(config)#acccss-list 44 permit 44.4.4.0 0.0.0.255 

R4 (c o n fig )#ro Lite- map 1ST permit 10 

R4(config-routc-map)#match ip addr 41) 

R4 (con fig-route- map)* set dampening 20 800 2400 90 

R4 (configure Lite- map 1ST permit 20 
R4 (config-ro Lite- map )r*match ip addr 44 
R4(config-routc-map)#sct dampening 15 700 2000 60 

R4 (con figure Lite- map TST permit 30 

R4 ( e o n fig)#ro u tcr bgp 40 
R4(conrig-roLitcr)#bgp dampening roLitc-map 1ST 

Note the route-map gives us flexibility. In this case we have applied two 
different route dampening parameters to different routes. The two networks 
are identified with access-lists. The route-map references the access-lists and 
sets the dampening parameters based on the networks. 

To verify the configuration: 

On R4 

R4^Sh ip bgp damp parameters 

dampening 20 800 2400 90 (route-map TST 10) 

Half- lite time : 20 mins Decay Time : 3490 sees 

Max suppress penalty: 18075 Max suppress time: 90 mins 

Suppress penalty : 2400 Reuse penalty 800 

dampening 15 700 2000 60 (route-map TST 20) 

Half- life time : 15 mins Decay Time : 2235 sees 

Max suppress penalty: 11200 Max suppress time: 60 mins 

Su p p res s p cnalty : 200 Reuse penalty : 700 
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Task8 

Configure route dampening on R2 using the following policy: 

5* All the existing and future prefixes from AS 300 should have the following 
parameters applied: 

Max- Suppress- Time of 80 
Reuse 750 
Suppress 2200 
Half -Time 30 



On \U 

R2(config)rrip as- path access- list 1 permit A 30 05 

R2iconfig)#routc-map 1ST permit 10 
R2iccmr]g-routc-map)#match as- path 1 
R2i;config-routc-map)#sct dampening 30 750 2200 80 

R2 1 'con fig )#ro utc- map 1ST permit 20 

R2i;config)^ro Liter bgp 200 
R2iconfig-routcr)#bgp dampening route-map TST 

The combination of "route-map'" and the ''as-path access-list'" command can apply 
bgp dampening to an AS based on the AS number. 

To verify the configuration: 

On R2 

R2*Show ip bgp damp parameters 

dampening 30 750 2200 80 (route-map TST 10) 

Halt- life time : 30 mins Decay Time : 1995 sees 

Max suppress penalty: 4755 Max suppress time: 80 mins 

Suppress penalty : 2200 Reuse penalty : 750 
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Task 9 

Erase the startup con fig and reload the routers before proceeding to the next lab. 
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Lab 5 

Route Aggregation 



/ 



AS 100 



f 



Lc->2 



s 




-■-, 



\ 



/ 



Lab Setup: 

"P Configure frame-relay connection between the routers in a point-to-point manner. 
]**" Use the following IP addressing chart for IP assignment. 



i£ 



addressing; 



Router 


Interface 


IP Address 


AS number 


Rl 


LoO 

Frame- relay connection to R2 


1.1.1.1 M 

10. I.I 2.1 ;24 


100 


R2 


LoO 
Lol 
Lo2 
Lo3 
Frame- relay connection to R I 


1X1X2 1 24 

22. 1.2 ..24 

- - - - -4 

2.2.12 .24 
10.1.1 2.2 .24 


200 



Task 1 

Configure an EBGP session between the routers and only advertise their Loopback 
interface's in BGP. Rl should be in AS 100 and R2 should be configured in AS 200. 



On kl 
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Rl (config^ro titer bgp 1 00 

R 1 (c o n tig -r o u t er) # no au 

Rl (config-routcr)*nctw 1.0. 0.0 

R 1 (c o n fig -router)" neighbor 10.1. 12.2 remote- as 200 

On R2 

R 2 1 [c o n fig^ro u tcr bgp 20 
R2(config-router)#no mi 

R2(config-router)#ricighbor 10.1.12.1 remote- as 100 
R2i;config-routcr)#nct\vork 2.2.0.0 mask 255.255.255.0 
R2i:config-roLiter)^nctwork 2.2.1.0 mask 255.255.255.0 
R2i;config-router)#nctwurk 2.2.2.0 mask 255.255.255.0 
R2i:config-routcr)#nctwork 2.2.3.0 mask 255.255.255.0 

To verify the configuration 

R2f*Show ip bgp 

BGP tabic version is 6, local router ID is 22.3.2 

Status codes: s suppressed, d damped, h history., * valid, > best, i - internal, 

r RIB -failures Stale 
Origin codes: i - 1GP. c - EGP, ? - incomplete 



Network 


Next Hop 


Metric LocPrf Weight Path 


*> 1.0.0.0 


10.1.12.1 





1 00 


*> 2.2.0.0/24 


0.0.0.0 





32768 i 


*> 2.2.1.0/24 


0.0.0.0 





33768 i 


*> 2.2.2.0 24 


0.0.0.0 





32768 i 


*> 2.2.3.0/24 


0.0.0.0 





22~oS ■ 



Task 2 

Configure R2 such that it summarizes it's Loopback interfaces and advertises a single 
summary to Rl . R2 should NOT assign an atomic -aggregate to the summary route when 
it advertises it to any of its neighbors. 



Note in BGP, an aggregate is only created if at least one of the specific routes of the 
aggregate exists in the BGP table. It is recommended to configure most if not all the 
specific routes with a Network statement, because if only a sinyle Network is configured 
to satisfy the requirements, and that particular Network gggj down, then tjfreaggregatg 
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will be removed. 

There are many ways to advertise an aggregate, one way to ad 
creating a static route that matches the aggregate route and tli 
aggregate in BGP as follows: 


vert ise an aggregate is by 

en advertising the 


(conlig'^Ip route 12Q& 255.^55 


752 OnullO 










fco nfig ^Router bgp 200 

(coniig.routcr>#N"ct\vork 2.2.0.0 mask 255.255.252.0 








But since that is not an option h 
aggregate. 


ere, we had to n 


dvert 


ise every 


specific prefix 


under the 


On K2 












R2(config)#Routcr bgp 200 

R2 (c o n fig -routGr)#aggrcgatc- address 2.2.0.0 255.! 


>552f 


2.0 






To verify the configuration 


k 










On Rl 












Rl#Show ip bgp 












BGP tabic version is 7, local router ID is 1 . 1 . 1 . 1 
Status codes: s suppressed, d damped, h history, * 

r RIB -failure, S Stale 
Origin codes: i ■ 1GP, c ■ EGP, ? ■ incomplete 


valid, 


> best, i ■ 


internal, 




Network Next Hop 
*> 1.0.0.0 0.0.0.0 
*> 2.2.0.0/24 10.1.12.2 
*> 2.2.0.0/22 10.1.12.2 
*> 2.2.1.0/24 10.1.12.2 
*>22.2.Q.'24 10.1.12.2 
*> 2.2.3.Q'24 10.1.12.2 


Metric LocPrf 








Weight Path 
32768 i 

200 i 
200 i 
200 i 
200 i 
200 i 






On R2 












R2#Show ip bgp 












BGP tabic version is 7, local router ID is 2.2.3.2 
Status codes: S suppressed, d damped, h history, * 
rRlB-lailurc, S Stale 


valid, 


> best, i ■ 


internal, 
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Network 


Next Hop 


*> 1.0. 0.0 


10.1.12.1 


*> 2.2.0.0/24 


0.0.0.0 


*> 2.2.0.0 22 


0.0.0.0 


*> 22.1.0 24 


0.0.0.0 


*> 2.2.2.0 24 


0.0.0.0 


*> 2,2.3.004 


0.0.0.0 



Origin codes: i - 1GP, c - EGP, ? - incomplete 

Metric LocPrf Weight Path 
100 i 

32768 i 

32768 i 
32768 i 

32768 i 

32768 i 

By default in BGP the aggregate and all the specific routes are advertised. A "summary- 
only'' argument used with the aggregate-address will suppress the specific routes so that 
only the aggregate mute is advertised. 

Note none of the prefixes are suppresses. 

On R2 

R2(config)#routcrbgp 200 

R2(config-routcr)r i aggregate-address 2.2.0.0 255.255.252.111 summary-only 

Note the "summary-only" keyword will suppress all the prefixes on R2 such that R2"s 
neighbors won't seethe more specific routes. 

On K2 

R2"Sho\v ip hgp 

BGP table version is 1 1 , local router ID is 2.2.3.2 

Status codes: s suppressed, d damped, h history. * valid, > best, i - internal, 

r RIB -failurc s S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 



Network 


Next Hop 


Metric LocPrf V 


*> 1.0.0.0 


10.1.12.1 





100 


*> 2. 2. 0.0/24 


0.0.0.0 





32768 i 


*> 22.0.0 22 


0.0.0.0 




32768 i 


s> 2. 2. 1.0/24 


0.0.0.0 





32768 i 


s> 2.2.2.0 24 


0.0.0.0 





32768 i 


s> 22.3.0,24 


0.0.0.0 





32 7 68 i 



Note the letter "$'" to the left of the ■">'" sign. The i- s'" means that these prefixes are 
suppressed. 
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On kl 

Rl#Shaw ip bap 

BGP tabic version is 1 1 , local router ID is 1. 1 . 1 . 1 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

r Rl B- fail Lire, S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 

*> 1.0.0.0 0.0.0.0 32768 i 

*> 2.2.0. 0/22 10.1.12.2 200 i 

Note the only route that is advertised to Rl is the summary route. 
On kl 

Rl*Shipbgp 2.2.0.0/22 

BGP routing table entry for 2.2.0.0 22, version 17 
Paths: (1 available, best #1, table Default- IP-Routing- Table) 
Not advertised to any peer 
200, 1 aggregated by 2(1(1 2.23.2) 
10.1.12.2 from 10.1 1.2.2 (2.2.3.2) 
Origin 1GP, metric 0, localprcf 100, valid, external, atomic-aggregate, best 

On K2 

R2#Showjp_bgE 22.0.0/22 

BGP routing table entry for 2.2.0.0/22, version 7 
Paths: (1 available, best #1, tabic Default-] P-Routing- Table) 
Advertised to update-groups: 

I 
Local, I. aggregated hy 200 2.2.3.2) 
0.0.0.0 irom 0.0.0.0 (2.2. 3.2) 
Origin 1GP, localprcf 100, weight 32768, valid, aggregated, local, atomic-aggregate, best 

Note the output of the "Show ip hgp 2.2.0.0'22" command above, displays two different 
attributes, the "aggregator'' and the ''atomic-aggregate" attribute. 

The "aggregator" attribute identifies the AS number thai the aggregation was 
performed and it also identifies the router-id of the muter that performed the 
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By de i'a u It when aggregation is configured in BGP, the "atomic-aggregate" attribute is 
attached to the aggregate address: this alarms the administrator that certain 
information could he hidden. 

We know that the specific routes under that aggregate are always suppressed 'hidden 
when the summary or aggregation is performed under any routing protocol, hut in BGP 
another hidden or suppressed item is the actual AS number's that the specific routes 
were originated, 

An atomic-aggregate— This is an attribute that is assigned to the aggregate route 
automatically if the "as-set'" argument is not used in the "aggregate-address'" command. 
When an aggregation is performed, certain information is lost. In BGP that information 
is not only the more specific routes under that aggregate, but it can also be the AS 
numbers that the prefixes traversed through to get to the router that is performing the 
aggregation. If it's not corrected a routing loop can occur. In order to prevent the 
routing loops from occurring, the "AS- SEP" argument should be used when performing 
aggregation. 

The "AS- SET" argument used in the aggregate-address command reveals the AS 
number's that some, if not all the specific routes were originated from, once that 
information is revealed, the "atomic-aggregate" attribute is automatically removed. 

On R2 

R2(config')#ro Liter bgp 200 

R2 (con fig-router)** aggregate- ad dress 2.2.0.0 255.255.252.0 summary -only as-set 

To verify thi 1 configuration: 
On kl 



R1*Shipbgp 2.2. 0.0.22 

BGP routing tabic entry for 2.2.0. 0/22, version 22 
Paths: (1 available, best #1, tabic Default-] P- Routing- Tabic) 
Not advertised to any peer 
200, (aggregated by 200 22.32) 
1 0. I.I 2.2 from 10. 1. 12.2 (2.2.3.2) 
Origin 1GP, metric 0, localprcf 100, valid, external, best 

On k2 

R2*Shipbgp 2.2.0.0 22 
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BGP routing tabic entry tor 2. 2.0. 0/22, version 7 

Paths: (1 available, best #1, tabic Default-] P-Routing-Tablc) 

Advertised to update-groups: 

I 
Local, (aggregated by 200 223.2) 
0.0.0.0 lromO.0.0.01113.2) 
Origin 1GP, localprcf 100, weight 32768, valid, aggregated, local, best 

Note the atomic-aggregate is no longer attached to the aggregate-address. 



Task 3 

Reconfigure the routers using the follows diagram IP addressing information and ONLY 
advertise their Loopback interfaces in BGP. You can use the initial config tile for 
advertising and setting up the diagram. 
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Lab Setup: 

> Configure a frame-relay point-to-point connection between routers R I and R2. 

> Configure the FQ'O interlace of R2 and R3 in VL AX 23. 



II* addressing: 



Router 


Interface 


IP Address 


AS number 


Rl 


LOO 


3.1.11.1 . .■ 24 


100 




SO/0, 12 


10.1.12.1 24 




R2 


Loll 


2.2.2.2 ,'8 


200 




SO/0.21 


10.1.12.2/24 






FO/C 


10.1.23.2 .'24 




R3 


LoO 


3.1.0.3,24 


300 




Lol 


3. 1.1.3. 24 






Lo2 


3.1.2.3.24 






Lo3 


3.1.3.3.24 






Lo4 


3.1.4.3.24 






Lo5 


3.1.5.3 ,'^4 






Lo6 


3.1.6.3.24 






Lo7 


3.1.7.3.24 






Lo8 


3.1.8.3 24 






Lo9 


3.1.9.3,24 






Lo 1 


3.1.10.3,24 






Lol 2 


3.1.12.3.24 






Lo 1 3 


3.1.13.3,24 






Lol 4 


3.1.14.3.24 






Lo I 5 


3.1.15.3.24 






FO/0 


10.1.23.3,24 





Task 4 

Configure router Rl in AS 1 00 to establish an EBGP session with R2 in AS 200, and 
router R2 in AS 200 should establish an EBGP peer session with R3 in AS 300. These 
routers should advertise their loopback interlaces in their AS. 



On Rl 

Rl (configure utcrbgp 100 
Rl(config-routcr)#no au 
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Rliconfig-roLitcr)#nctw 3. !. 1 1.0 mask 255.255.255.0 








RI(config-rt)uter)#ncighbor 10.1.12.2 rcmotc-as 200 








On R2 








R2(config)#ro liter bgp 200 








R2 (con fig-ro Liter)?* no au 








R2(config-routcr)#ncighbor 10.1.23.3 rcmotc-as 300 








R2(config-routcr)#ncighbor 10.1.12.1 rcmotc-as 100 








R2(config-routcr)#nctwork 2.0.0.0 








On 113 








R 3 (C O n figJrrTO LI t cr b g p 30 








R3(config-roLitcr)#ncighbor 10.1.23.2 rcmotc-as 200 








R3iconfig.routcr)#nct\v3.l.0.0 mask 155.^55^55.1) 








R3 (con fig-ro utcr)#nct\v 3 


1 


1.0 mask 255. ">55."»55.0 








R 3 f c o n fig-ro u t er)# net w 3 


1 


7 .0 mask ">55.">55. ">55.0 








R 3 (con fig-ro utcr)T>nct\v 3 


1 


3.0 mask 255.255.255.0 








R3 (c o n fig-ro u tcr)#nct\v 3 


1 


4.0 mask ^55J55. "»55.0 








R3 ( c o n fig-ro u tcr)r> net \v 3 


1 


5.0 mask ?55.">55.">55.0 








R 3 ( c o n fig-ro u tcr)#-nct w 3 


1 


6.0 mask 255.255.255 j0 








R3(oonfig-router)#iietw 3 


1 


7.0 mask 255.255.255.0 








R3 (con fig-ro utcr)#nctw 3 


1 


8.0 mask ~>55.->55.~>55.i) 








R3(config-routcr)T#nct\v 3 


1 


9.0 mask 255.255.255.0 








R3(config-routcr)?>nctw 3 


1 


10.0 mask 255.255.255.0 








R3 (c o n fig-ro u tcr)#nctw 3 


1 


12.0 mask 255.255.255.0 








R3(config-routcr)#nctw 3 


1 


13.0 mask 255.255.255.0 








R 3 ( c o n fig-ro u tcr)# net w 3 


1 


14.0 mask 255.255.255.0 








R3 icon fig-ro utcr)f*nctw 3 


1 


15.0 mask 255.255.255.0 








Tht! eon i'inu ration lor ad\ eiiisiiiL! Mil 1 12 prefixes ean be down 


.oaded IVoni Hie C7 1 > 




provided ivilli this workbook 






To verify the configuration: 








On R2 








R2#Sh ip bgp 








BGP tabic version is 15, local router ID is 2.2.2.2 








StatLis codes: s suppressed, d damped, h history, * valid, > best, i ■ 


internal, 






r Rl B - tail Lire, S Stale 
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Origin codes: i ■ 


lGP,c-EGP, 


? - incomplete 




Network 


Next Hop 


Metric LocPrf Weight Path 


*> 2.0.0.0 


0.0.0.0 





32768 i 


*> 3.1.0.0.24 


10.1.23.3 





300 i 


*> 3.1. 1.0.24 


10.1.23.3 





300 i 


*> 3.1.2.024 


10.1.23.3 





300 i 


*> 3.1.3.0 24 


10.1.23.3 





300 i 


*> 3. 1.4.0; 24 


10.1.23.3 





300 i 


*> 3.1.5.CV24 


10.1.23.3 





300 i 


*> 3.1.6.0 24 


10.1.23.3 





300 i 


*> 3.1.7.0 24 


10.1.23.3 





300 i 


*> 3.1.8.0 24 


10.1.23.3 





300 i 


*> 3.1.9.0/24 


10.1.23.3 





300 i 


*> 3. 1.1 0.0; 24 


10.1.23.3 





300 i 


*> 3.1. 11.0/24 


10.1.12.1 





100 i 


*> 3.1.12.0/24 


10.1.23.3 





300 i 


*> 3.1. 13.0 '24 


10.1.23.3 





300 i 


*> 3.1.14.0,24 


10.1.23.3 





300 i 


*> 3.1.15.0/24 


10.1.23.3 





300 i 



Task 5 

R2 should aggregate a!! the networks in 3.1 .0.0 address space and advertise a single 
aggregate route that only aggregates the Specific routes lor subnets under the 3.0.0.0 
network in it's BGP table, ensure that the atomic -aggregate attribute is not attached to the 
aggregate route. This aggregation should be configured such that Rl in AS 1 00 is the 
only AS that receives the aggregate route. R3 in AS 300 should NOT receive the 
aggregate route. Rl should use R2 as the next hop to reach any of the specific routes 
within the aggregate. R 1 should NOT use R2 if it's network 3. 1. 1 1.0 ;24 network is 
down. R3 docs NOT need NLR1 to network 3.1.11.0 ;24 advertised bv Rl . 



OnK2 

R2 should aggregate all the network* in 3.1.0.0 address space and advertise a single aggregate 
route that only aggregates the specific routes for subnets under the 3.(1. 0.0 network in it's BGP 
table, ensure that the atomic-aggregate attribute is not attached to the aggregate route. 

R2(config)#RoLitcrbgp 200 

R2(ccmf]g-miucr)saggreyate-address3.1.0.0 255.255.240.0 summary-only as-set 
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This command aggregates networks 3.1.0.0 .'24 — 3.1.15.0 .■'24 and only advertises the summary 






route and not all the specific routes, the "summary-only" ai~gument accomplish that. This 






aggregate route will not have the "atomic-aggregate*" attribute attached because the "as-set*" 






argument is used. 






leu verify the configuration: 






On R2 






R2*Sh ip bgp 






BGP tabic version is 63, local router ID is 2.2.2.2 






Status codes: s suppressed, d damped, h history'. * valid, > best, i - internal, 






r RIB -tai lure, S Stale 






Origin codes: i - 1GP, c - EGP, 7 - incomplete 






Network Next Hop Metric LocPrf Weight Path 






*> 2.0.0.0 0.0.0.0 32768 i 






s> 3. 1.0.0/24 10.1.23.3 300 i 






*> 3 . 1 . 0. 0/20 . a 0. 1 32 76 8 [3 00 , 1 00 ) i 






s> 3. 1.1.0/24 10.1.23.3 300 i 






s> 3. 1.2.0 24 10.1.23.3 300 i 






s> 3. 1.3.0 24 10.1.23.3 300 i 






s> 3. 1.4.0,24 10.1.23.3 300 i 






s> 3. 1 .5.0,24 10.1.23.3 300 i 






s> 3. 1 .6.0/24 1 . 1 . 23 . 3 300 i 






s> 3. 1.7.0/24 10.1.23.3 300 i 






s> 3. 1.8.0/24 10.1.23.3 300 i 






s> 3. 1 .9.0 24 10.1. 23 . 3 300 i 






s> 3. 1.10.0/24 10.1.23.3 300 i 






s> 3.1.1 1.0.24 10.1.12.1 100 i 






s> 3. 1 . 1 2.0/24 1 . 1 . 23 . 3 300 i 






s> 3. 1.13.0/24 10.1.23.3 300 i 






s> 3. 1 . 1 4.0/24 1 . 1 . 23 . 3 300 i 






s> 3. 1.1 .5.0 24 10.1.23.3 300 i 






Note the specific routes are suppressed (The letter "S" to the left of the ">'" sign). The curly 






brackets in the path column identify the AS numbers that the specific mutes originated from. 






Because the AS numbers are mm included in the path column, neither Rl in AS 100 nor R3 in AS 






304 will have tliu aggregate route in their BGP table. 






CJnRl 






R 1-Sh ip biip 
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BGP table version is 130, local router ID is 3.1.12.1 

Status codes: s suppressed, d damped, h history, * valid, > best, i - interna!, 

r RIB-tailurc, S Stale 
Origin codes: i - IGP, c - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 

*> 2.0.0.0 10. 1.12.2 200i 

*> 3.1.1 1.0 24 0.0.0.0 32768 i 

On R3 

RJ#Sh ip bgp 

BGP table version is 49, local router ID is 3.3.1 1.3 

Status codes: s suppressed, d damped, h history, * valid, > best,, i - internal, 

r RIB-tailurc, S Stale 
Origin codes: i - IGP, c - EGP, ? - incomplete 



200 



Network 


Next Hop 


Metric LocPrf Weight 


*> 2.0.0.0 


10.1.23.2 








*> 3.1.0.0 24 


0.0.0.0 





32768 


*> 3.1.1.024 


0.0.0.0 





32768 


*> 3.1.2.0/24 


0.0.0.0 





32768 


*> 3.1.3.0 24 


0.0.0.0 





32768 


*> 3.1.4.024 


0.0.0.0 





32768 


*> 3.1.5.0/24 


0.0.0.0 





32768 


*> 3.1.6.0/24 


0.0.0.0 





32768 


*> 3.1.7.0 24 


0.0.0.0 





32768 


*> 3.1.8.0/24 


0.0.0.0 





32768 


*> 3.1.9.0 24 


0.0.0.0 





32768 


*> 3.1. 10.0 24 


0.0.0.0 





32768 


*>3.1.12.Q/24 


0.0.0.0 





32768 


*> 3.1. 13.0.24 


0.0.0.0 





32768 


*> 3.1. 14.0 24 


0.0.0.0 





32768 


*> 3. 1.1 5. 24 


0.0.0.0 





32768 



Note Rl and R3 do NOT ha\ e IIil 1 aggregate route in their BGP table. 

This aggregation should he configured such that Rl in AS 100 is the only AS that receives the 
aggregate route, R3 or future peer neighbors should NOT receive the aggregate route. Rl should 
use R2 as the next hop to reach any of the specific routes within the aggregate 

R2(config)#ip as- path access-list 1 permit A 3(HIS 
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The above command identifies AS number 300. 

R2(config)#routi>map 1 ST permit 10 
R2(canfig-mutc-map)#match as-path 1 

The "route-map" command references the "as-path access-list 1". 

R2(config-routcr)r*aggregate- ad dress 3.1.0.0 255.255.240.0 as-set summary-only advertise- map 
TST 

The ''advertise-map'" command assigns the route-map "TST'" to the "aggregate address'" 
command. 

To verify the in mil miration: 

OnRl 

RlffShow ip bgp 

BGP tabic version is 12, local router ID is 3.1.0.1 

Status codes: s suppressed, d damped, h his tory, * valid, > best, i - internal, 

r RIB-tailurc, S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 

*> 2.0.0.0 10.1.12.2 " 200 i 

*>3.1.0.O''20 10.1.12.2 200 300 i 

On R3 

R3f*Sh ip bgp 

BGP table version is 49, local router ID is 3.3.1 1.3 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

r RIB-tailurc, S Stab 
Origin codes: i - 1GP, c - EGP, ? - incomplete 



Network 


Next Hop 


Metric LocPrf Weight Patr 


*> 2.0.0.0 


10.1232 





200 


*> 3.1.0.0/24 


0.0.0.0 





32768 i 


*> 3.1.1.0/24 


0.0.0.0 





32768 i 


*> 3.1.2.0/24 


0.0.0.0 





32768 i 


*> 3.1.3.0/24 


0.0.0.0 





32768 i 


*> 3.1.4.0/24 


0.0.0.0 





32768 i 
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*> 3.1.5.0 24 


0.0.0.0 





32768 


*> 3.1.6.0/24 


0.0.0.0 





32768 


*> 3.1.7.0/24 


0.0.0.0 





32768 


*> 3.1. 8.0/ 24 


0.0.0.0 





32768 


*> 3.1.9.0/24 


0.0.0.0 





32768 


*> 3.1.10.0/24 


0.0.0.0 





32768 


*> 3.1. 110 24 


0.0.0.0 





32768 


*> 3.1. 13.0 24 


0.0.0.0 





32768 


*> 3X14024 


0.0.0.0 





32768 


*> 3.1.15.0 24 


0.0.0.0 





32768 



Note R3 gets the aggregate route but it rejects it because it sees its own AS number in the as -path 
list. Rl receives and processes the agyregate route because it does not see its own AS number in 
the as-path list advertised by R2. 

The following shows all the routes that are advertised by R2 to its neighbor 10.1.23.3: 
On R2 

R2#Show ip bgp neighbors 10.1.23.3 advertised- routes 

BGP tabic version is 64, local router ID is 2.2.2.2 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

r RIB -tai lure, S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 
*> 2.0.0.0 0.0.0.0 32768i 

*>3.L0.Q.''20 0.0.0.0 100 32768 300 i 

Total number oi" prefixes 2 

The output of the following display shows all the mutes received and accepted by R3: 

On R3 

R3r*Show ip bgp neighbor 10. 1.23.2 routes 

BGP table version is 49, local router ID is 3.3.1 1.3 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

r RIB -tai lure, S Stale 
Origin codes: i - IGP, c - EGP, 7 - incomplete 

Network Next Hop Metric LocPrf Weight Path 
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*> 2.0.0.0 10.1.23.2 200 i 

Rl should NOT use R2 if it'* network 3.1.11.0 24 network is down 

OnRl 

Rl(config)#ip route 3.1.11.0 255.255.255.0 M LT0 

To verify the configuration: 

OnRl 

Rl#Show ip route 

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP 

D - E1GRP, EX - E1GRP external, - OSPF, LA - OSPF inter area 
N I - OSPF NSS A external type 1 , N2 - OSPF NSSA external type 2 
E 1 ■ OSPF externa! type I , E2 ■ OSPF externa] type 2 
i - IS-IS, su - 1S-1S summary, LI - 1S-IS level- 1, L2 - 1S-IS lcvcl-2 
ia - 1S-1S inter area, * - candidate default, L" - per-uscr static route 
o - ODR, P - periodic downloaded static route 

Gateway of last resort is not set 

B 2.0.0. 08 [20/0 J via 10.1.12.2, 01:55:29 

3.0.0.0/8 is variably subnetted, 2 subnets. 2 masks 
B 3.1.4X000 [20/0] via 10. 1.12.2, 00:18:34 
C 3.1.11.0/24 is directly connected, LuopbackO 

1 0.0. 0.Q'24 is subnetted, I subnets 
C 1 0.1. 12.0 is directly connected, ScriakTO. 1 2 

Note 3.1.1 1.0 .'24 is directly connected, to test this condition we should shut down the interface and 
check the mutiny table again, as follows: 

OnRl 

Rl(config')#int loO 
Rl(config-il>Shut 

R l#SJMijw ip route 

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP 

D - E1GRP, EX - E1GRP external, O - OSPF, IA - OSPF inter area 

N 1 - OSPF NSSA external type 1, X2 - OSPF NSSA external type 2 
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El - OSPF external type 1 , E2 - OSPF external type 2 
i - IS-IS, sli - IS-IS summary, L I - IS-IS level- 1 ,'l.2 - IS-IS krvcl-2 
ia - IS-IS inter area, * - candidate default, L' - pcr-uscr static route 
o - ODR, P - periodic downloaded static route 

Gateway of last resort is not set 

B 2 .0 .0 . 0/8 [20/0 J v ia 1 . 1 . 1 2 .2 s 1 : 5 8 : 1 4 

3.0.0.0/8 is variably subnetted, 2 subnets, 2 masks 
B 3.1 .0.020 [20 0] via 10. 1. 12.2, 0O:2I: 1 9 
S 3. 1 . 1 1 .0/2 4 is d i red ly Of) nn ee t ed , Nu 1 10 

10.0.0.0/24 is subnetted, I subnets 
C 10.1. 12.0 is directly connected, ScrialO/0. 1 2 

Note if the interface is down all the traffic destined for the network is forwarded to the NULL0 
interface, and therefore, it won't he forwarded to R2. 



Task 6 

Configure R2 such that a cost of 50 is assigned to the aggregate route. 



On R2 

R2(config)#routc-map COST permit 10 
R2(config-routc-map)#sct metric 50 
R2(config)#ro utc- map COST permit 20 

R2i;config)#rauter bgp 200 

R2(config-routcr)r* aggregate-address 3. 1.0.0 255.255.240.0 summary-only advertisc-map 1ST as-set 

attrihute-map COST 

The attrihute map identifies the name of the route-map used to set the attrihute's of the aggregate 

route. 

To verify the configuration: 

On Rl 
Rl#Show ip bgp 
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BGP table version is 1 3, local router ID is 3. 1 . 1 I.I 

Status codes: s suppressed, d damped, h history, * valid, > best, 

r RlB-failurc, S Stale 
Origin codes: i - IGP, c - EGP, ? - incomplete 



- internal. 



Network Next Hop 

*> 2.0.0.0 10 .1. 1 2.2 

*> 3.1. 11.0/24 0.0.0.0 

*> 3.1.0.0/20 10.1.122 



Metric LocPrf Weight Path 
" 200 i 

32"68 i 

50 200 300 i 



Note Rl get the aggregate route \*ith a cost of 50. 



Task? 



The policy lor Rl requires that it should receive the aggregate route plus one of the more 
specific subnets (3. 1.3.0 .'24"). This policy should be configured and tested in three 
different ways using a supprcss-map, and unsupprcss-map. 



To test the Suppress-map scenario #1: 

On R2 

R2(confIg)#acccss-list 1 deny 3. 1.3.0 0.0.0.255 
R2(c on figj#ac cess- list 1 perm it any 

R2(config)#routc-map SL'PP permit 10 
R2iconllg-routc-map)r^match ip addr 1 

R2(confIg)#routcrbgp 200 

R2 icon fig -routcr)# aggregate- ad dress 3. 1.0.0 255.255.240.0 summary-only advertise- 

map 1ST as-set attribute-map COST suppress-map SL'PP 

To verify the configuration: 
On Rl 

Rl^Show ip bap 

BGP tabic version is 14, local router ID is 3. 1 . 1 I . I 

Status codes: s suppressed, d damped, h history. * valid. > best, i - internal 
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Metric LocPrf 


Weight Path 





Q 200 i 





32768 i 


50 


200 300 i 




20(1 3(H) i 



r RIB -failure, S Stale 
Origin codes: i - 1GP. c - EGP, ? - incomplete 

Network Next Hop 

*> 2.0.0.0 10.1.12.2 

*> 3.1.11.0/24 0.0.0.0 

*> 3.1.0.0/20 10.1.12.2 

*> 3.1.3.0724 10. 1.1 2.2 

To test the suppress-map scenario ^2: 

On R2 

R2(config)#NO access-list 1 
R2iconfig)#acccss-list 1 permit 3.1.3.0 0.0.0.255 

R2(config)#Routc-map STPPdeny 10 
R2(config-roiuc-map)#Match ip addr I 
R2(config)#Routc-map Sl'PP permit 20 

R2(eonfig')#routcrbgp 200 

R2(config-routei-)£M) a ggreg ate- address 3.1.(1.(1 255.255.240.(6 sum ma 17, -only 

advertise- map I SI as-set attribute-map COST suppress-map STPP 

To verify the configuration: 

On Kl 

Rlgghowjgbgg 

BGP table version is 14, local router ID is 3. 1 . 1 I . I 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

rRlB-lailurc, S Stale 
Origin codes: i - 1GP, e - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 

*> 2.0.0.0 1 0.1. 1 2.2 200 i 

*> 3.1.11.0/24 0.0.0.0 32768 i 

*> 3 . 1 . 0. 0/2 1 0. 1 . 1 2.2 50 200 3 i 

*>3. 1.3.0/24 KU. 12.2 200 300 i 

10 test L ns impress -map scenario ?3; 
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R2(config')#M) route- map SUPP 








R2(config)#routc*map Sl'PP permit 10 
R2(config-routc-map)#iiiateh ip addr 1 








R2(config)#Routcr bgp 200 

R2(config-routcr)r i aggregate-address 3. 1.0.0 255 

map IS 1 as-set attribute-map COST 


.255.240.(1 summa 


ry-cHilv 


advertise- 


This command lakes oil' the suppress-map 








R2(oonfig-roLitcr)rrneighl)(jr 10.1.12.1 unsuppress-map SUPP 






To verify the configuration: 








On Rl 








Rl#ShCFW ip bgp 








BGP tabic version is 14, local router ID is 3.1.1 1.1 
Status codes: s suppressed, d damped, h history, * 
r RIB -iailurc,S Stale 


valid, > best, i - internal, 




Origin codes: i - 1GP, e - EGP, ? - incomplete 








Network Next Hop Metric LocPrf 
*> 2.0.0.0 10.1.12.2 
*> 3.1.11.0/24 0.0.0.0 
*> 3. 1.0. 0.20 10.1.12.2 50 
*> 3.1.3.0/24 10.1.12.2 


Weight Path 
" 200 i 
32768 i 

200 300 i 
200 300 i 







Task 8 



Remove the configuration commands from the previous step. 



On K2 

R2iconfig)#NO route-map Sl'PP 
R2(config^\Q aeeess-list 
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RZfcontlg^Routcr bgp 200 

R2(config-routcr) fi: M) neighbor 10.1.12.1 un suppress -map SUPP 

in verify the configuration: 



On kl 

Rlf*Sho\v ip bgp 

BGP tabic version is 14, local router ID is 3. 1 . 1 1 . 1 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

rRlB-iailurc, S Stale 
Origin codes: i - IGP, c - EGP, '.' - incomplete 

Network Next Hop Metric LocPrf Weight Path 

*> 2.0.0.0 1 0.1.! 2.2 "0 200i 

*> 3.1.11.0/24 0.0.0.0 32768 i 

*> 3 . 1 . 0. 0/20 1 0. 1. 1 2.2 50 200 300 i 



Task 9 

Configure Rl so it has the aggregate route plus the specific ro utc that it wanted to have in 
its BGP table i 3. 1 .3.0 24). Rl should NOT advertise this subnet, configure a static route 
or use the redistribute command to accomplish this task. R2 should NOT be configured 
for this task. 



To accomplish this task on Rl, we can use the combination of Exist-map and Inject — 
map. The Exist-map matches on the aggregate address and the router that advertised 
the aggregate address (route-source command in the mute-map called "EXIST"). The 
Inject-map injects the IP addresses identified by the route-map called INJECT, if the 
condition of the Exist-map is true. Therefore, if the muter that advertised the 
aggregate address and the aggregate address exist, then, inject what ever that is 
specified in the prefix-list that is referenced by the route-map INJECT. 

To verify the BGl* table of kl before the configuration: 

On kl 

Rl#Show ip bgp 
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BGP tabic version is 14, local router ID is 3. 1 . 1 I . I 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

r RIB -failure, S Stale 
Origin codes: i - IGP, c - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 

*> 2.0.0.0 10.1.12.2 " G 200 i 

*> 3.1. 11. 0/24 0.0.0.0 32768 i 

*> 3 . 1 .0. 0/20 1 0. 1 . 1 2. 2 50 20 3 00 i 

To ui.:m It^uru: 

On kl 

Rl(config')#ip prefix-list NET permit 3.1.3.0/24 
Rl (config)#ip prefix -list AGG permit 3. 1 .0.0/20 
Rl(config)#ip prefix-list R2 permit 10.1.12.2 32 

R 1 (c o n fig )#ro utc- map EXIST permit 10 

Rl (con fig-route- map)« match ip addr prefix -list AGG 

R 1 icon fig-route- map )r*match ip route- source prefix -list III 

Rl (configure utc- map INJECT permit 10 
Rli'config-routc-map)T#sct ip addr prefix-list NET 

R 1 (config)#Routcr bgp 1 00 

R! (config-routcr)#bgp inject-map INJECT exist- map EXIST 

To verify the configuration: 

On kl 

R l~Sho\v ip bgp 

BGP tabic version is 6, local router ID is 10. 1 .1 2.1 

Status codes: s suppressed, d damped, h history, * valid, > best, i ■ internal, 

r RIB -tail urc, S Stale 
Origin codes: i - IGP, c - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 

*> 2.0.0.0 1 0.1.1 2.2 " 200 i 

*> 3 . 1 . ft 0/20 I ft I . I 2.2 50 200 300 i 

*> 3.1.3.0/24 10.1.12.2 D? 

*> 3.1.11.0/24 0.0.0.0 32768 i 
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Note the subnet is in the BGP table of Rl, 



Task 10 

Erase the startup con fig and reload the routers before proceeding to the next lab. 
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Lab 6 
The Co mm unitv Attribute 




\ AS 400 / AS 500 

N j V j 



l.al> Si'tup: 

> Con tig urc the routers that arc connected to the frame- re lay clouds in a po int-to- 
point manner. 

S* R2 and R3's FO/0 interface should be configured in VLAN 23. 

> Use the following IP address chart for IP assignment. 
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AS <& I V addressing chart: 



Router 


Interface 


IP Address 


AS Number 


Rl 


LoO 


1.1.1.1 .8 


100 




SO 0.12 


10.1.12.1 ,24 




R2 


LoO 


2 2 2.2 '8 


23 (HI 




SO/0.21 


10.1.12.2/24 






SO/0. 24 


10.1.24.2 . H 4 






FO/0 interface connection to R3 


10.1.23.2. a 4 




R3 


LoO 


T T T T iO 

J> .3 . Jf.Jf :0 


2300 




FO/0 interface connection to R2 


10.1.23.3/24 






SO 0.35 


10.1.35.3 ^4 




R4 


LoO 


4.4.4.4 /B 


400 




SO/0.42 


10.1.24.4/24 




Rf 


LoO 


5.5.5.5 /'8 


500 




SO 0.53 


10.1.35.5 24 





Task I 



Configure EBGP peer session's between the routers based on the above "AS & IP 
addressing chart". These routers should ONLY advertise their Loopback interface's in 
BGP. These BGP routers should use their Loopback ! s IP address as their Router id. 
Ensure that every router has NLR.1 to every link in this lab using RIPvZ. 



On All Routers 

(config)r ! Router rip 

( co nfig-ro u t cr) # No ail 

(config-routcr)#Vcr 2 

( con%-rautcr')#N'ct\vork 1 0. 0. 0.0 

On Rl 



I.I 



R I (config)#ro liter bgp 1 00 

Rl(config-routcr)#bgp router-id 1 
Rl fconfig-routcr.^nctw 1 . 0. 0.0 
R 1 (c o n fig-r o u t cr )#no au 
Rl(conflg-routcr)#ncighbor 10.1.12.2 remotc-as 2300 

On R2 

R2 (c o n fig )P r o u t cr b g p 23 
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R2(config-routcr)#bgp routcr-id 2.2.2.2 








R2(config-routcr)#nct\v 2.0. 0.0 








R2(config-routcr)r*no au 








R2(ccmfig-roiitcr)r*ncighbor 10.1.12.1 rcmotc-as 100 








R2 (con fig-ro utcr)#ncighbor 10.1.23.3 rcmotc-as 2300 








R2 f c o n fig-ro u tcr)#ncighbo r 10.1. 24 . 4 rcmo t c- as 40 








On R3 








R 3 ( c o n fig-ro u ter bgp 23 








R3iconfig-routcr)#bgp routcr-id 3.3.3.3 








R3(config-routcr)#nctw 3.0.0.0 








R3 (c o n fig-ro u t er)S no au 








R3(LUJn fig-ro utcr)#ncighbor 10.1.23.2 rcmotc-as 2300 








R3(corif]g-routcr)#ricighbor 10.1.35.5 rcmotc-as 500 








On R4 








R4 (con fig-ro Liter bgp 400 








R4 (c a n fig -ro u ter)# bgp r o ut er-id 4 .4 . 4. 4 








R4(config-roLitcr)r*nctw 4.0. 0.0 








R4 (c o n fig-ro u tcr)?* no au 








R4(config-routcr)#ncighbor 10.1.24.2 rcmotc-as 2300 








On R5 








R5 fc o n fig-ro u t cr b g p 50 








R 5 icon fig-router)?* bgp routcr-id 5.5.5.5 








R5(config-routcr)* ! nct\v 5.0. 0.0 








R5(config-roLitcr)r*no au 








R5 icon fig-ro utcr)#ncighbor 10.1.35.3 rcmotc-as 2300 








To verify the configuration: 








On RI 








Rl-Show ip bgp 








BGP tabic version is 6, local router ID is 1 . 1 . 1 . 1 








Status codes: s suppressed, d damped, h history. * valid, > best, i - internal, 








r RIB -failure, S Stale 








Origin codes: i - 1GP, c - EGP, ? - incomplete 






CCIE R&«* by Nurbflc KuL-hurians Advanced OCIE R&S Work Book 2.11 


Pqge?21ofl668 


C 204)9 NirbibKiichariini. All riflhU reserved 





Network 


Next Hop 


Mark: LocPrf 


Weight Path 


*> 1.0.0.0 


0.0.0.0 





32768 i 


*> 2.0.0.0 


10.1.12.2 





2300 i 


*> 3.0.0.0 


10.1.12.2 




2300 i 


*> 4.0.0.0 


10.1.12.2 




2300 400 i 


*> 5.0.0.0 


10.1.12.2 




2300 500 i 



Task 2 

Using the community attribute configure Rl such that when it ad vcrtiscs network 1.0.0.0 
/g to R2 in AS 200, the network is not advertised to any ol"R2's 1BGP or EBGP 

neighbors. 



The community attribute is a numerical value that ean be attached to a given prefix 
and advertised to a specific neighbor, once the neighbor receives the prefix, it will 
examine the community value and it will perform either filtering or use that value 
for route selection process. 

By default no community attribute is sent to any neighbor. To specify that a 
community attribute should be sent to a BGP neighbor, the "neighbor send- 
community" command is configured in the router config mode. 
The well known communities are as follows: 

> Internet —If assigned to a networks, that network's should be advertised. 

> Local-its- If assigned to a network's, that network's should ONLY be 
advertised within that AS. 

> No-advertise — If assigned to a network's, that network's should NOT be 
advertised to any BGP neighbor. 

> No- export — If assigned to a network's, that network's should NOT be 
advertised to an EBGP neighbor. 

On kl 

Note before con fit* tiring an access-list, always perform a "Show access- 
list" 1 command to t-nsuri 1 thai an existing aiTi'SS-list v>il not get 
overridden. 

Rl(con%^acccss-list I permit 1 .0.0.0 0.255.255255 

The access-list is used to identify the neti>ork: Prefix-lists can also be used fro this 
purpose. 
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R! (config)f*routc-map IKS! permit 10 

R I (c o n fig -route- map )# match ip addr I 

Rl (config-roLitc-map)r*sct community no-advertise 

R 1 (c o n fig-ro u t o map )#ro u t c- m ap TEST p crmit 20 

Note (he above route-map matches on the access-list and sets the community to one 
of the well known community attribute of" no-advertise", this well known 
community attribute tells the receiving router NOT to advertise the prefix to any of 
it's neighbor s (1BGP or EBCiP). 

The "route-map TST permit 20'" is the catch-all route-map; it basically matches any 
network not matched with the match keyword in the "route-map TST permit 1(1". 

Rl (configure utcrbgp 100 

Rl (con fig-ro utcr)fmcighbor 10.1. 12.2 send-community 

Rl (config-router)#ricighbor 10.1.12.2 route-map TEST out 

In the above commands, we are sending the community and assigning the mute- 
map to a given neighbor in the out direction. 

The direction of the route-map specifies which routers decision should be influenced 
by this policy, if it should affect neighbor's decision, then, the direction of the route- 
map should be "out", but if the local router's decision should be influenced, then, 
the direction of the route- map should be "in". 

To verify the configuration: 

On R2 

R2*Shipbgp 1.0.0.0 

BGP routing table entry for 1.0.0.0/8. version 8 

Paths: (I available, best #1. table Default-] P- Routing-Table, not advertised to any peer) 
Not advertised to any peer 
inn 
10. 1.12.1 from 10.1.12.1 (1.1.1.1) 

Origin 1GP, metric 0, localprcf 100, valid, external, best 
Community: no- advertise 

Note the community attribute from R2's perspective. Since 112 does NOT advertise 
the network R3 and the other EBGP neighbor won't have any knowledge of this 

route. 

On \U 
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R3*Shipbgp 1.0.0.0 
% Network not in table 

On K3 

R3#Show ip bgp 

BGP tabic version is 8, local router ID is 3.3.3.3 

Status codes: s suppressed, d damped, h history;, * valid* > best* i - internal;, 

r RIB -failure, S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 

*>i2 .0.0.0 10.1.23.2 

*> 3.0.0.0 0.0.0.0 

*>i4 .0.0.0 10.124.4 

*> 5.0.0.0 10.1.35.5 

On R4 

R4#Sh ip bgp 

BGP tabic version is 7, local router ID is 4.4.4.4 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

r RIB -failure, S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 

*> 2.0.0.0 10.1.24.2 ~ 2300 i 

*> 3.0.0.0 10.1.24.2 02300! 

*> 4.0.0.0 0.0.0.0 32768 i 

*> 5.0.0.0 10.1.24.2 2300 500i 






100 


i 







32768 i 





100 


400 







500 



Task 3 

Configure R5 such that when it advertises its network 5.0.0.0 to R3 in AS 2300, the 
routers in AS 2300 do NOT advertise that network to any of their EBGP peer s. DO NOT 
configure R3 to accomplish this task. 



On R5 
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Note before configuring an access-list, always perform a "Show access-list" command 
to ensure that an existing access-list nil not get overridden. 

R5(config-routcr)#act: ess-list 1 permit 5.0.0.0 

R5(config)#routc-map TST permit 10 
R5(config-rcuuc*rnap)?*match ip addr 1 
R5 (c o n fig-ro u t c- map )#sct co m mu n it y n o -ex po rt 
R5 (con fig-route- map')?* route-map TST permit 20 

R5(config)r*roLitcrbgp 500 

R5(config-rautcr)rrneighbor 1 0. 1. 35. 3 send-community 
R5 (con fig-ro uter)#ncighbor 10.L35.3 route-map TST out 

This is another well knoivn community. In this case network 5.0.0.(1 1> ill ONLY be 
advertised to the routers in AS 2300. The routers in AS 2300 will NOT advertise this 
network to any of their EBGP neighbors. BUT REM EMBER THAT BY DEFAULT 
ROUTERS WILL STRIP THE COMMUNITY ATTRIBUTE, therefore, in this case 
R3 should be configured to send community to R2, or else R2 \>ill advertise that 
network to its EBGP peers. 

To verify the configuration: 



On K3 

R3(config)#Routcrbgp 2300 
R3(conf]g-routcr)#Neighbor 10.1.23.2 send- community 

R3*Shipbgp 5.0.0.0 

BGP routing tabic entry for 5.0.0.0/8, version 8 

Paths: (1 available, best #1, tabic Default- IP -Routing-Table, not advertised to EBGP peer 
Flag: 0x880 
Advertised to update-groups: 

i 
500 
10.1.35.5 from 10.1.35.5 (5.5.5.5) 

Origin 1GP, metric 0, localpref 100, valid, external, best 
Community: no-export 
To test this configuration further, a point-to-point frame- relay connection and an 
EBCiP peer session can be established between R3 and R4. R4 should NOT retch c an 
update for network 5.0.0.0 from R3, but R4 will receive an update for network 5.0.0.0 
from R2. 
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Task 4 

Confgure R3 :n AS 2300 to Lid\ aT.sc network. 3.0.0.0 8 to the routers in its ov.n AS 
ONLY. R3 should NOT advertise this network to any of its EBGP peers. 



On K3 

"soti 1 bi't'orf i'<m figuring an ai'iTss-list. ahnavs pit form a "Slum ai'iTss- 
list" command to ensure that an existing access-list nil ntit get ovcrridde n. 

R3(config)#routc-map TST permit 10 

R3 (eon fig-route- map )#sct community lot a I -as 

R3(config)#Routcr bgp 2300 

R3(eonfig-routcr)n\ctwork 3.0.0.0 route-map TST 
R3(config-routcr)#Ncighbor 10.1.23.2 send-community 

Note in this case the "route-map TEST'" command, is applied to the inbound, because it 
should affect the local router for that network and community. 

To verify the configuration: 

On K3 

R3*Shipbgp 3.0.0.0 

BGP routing table entry for 3.0.0.G'8, version 5 

Paths: (1 available, best #1, table Dcfault-lP-Routing-Tablc, not advertised outside local 
AS) 

Flag: 0x820 
Advertised to update-groups: 

1 
Local 
0.0.0.0 ftom 0.0.0.0 (3.3.3.3) 
Origin IGP, metric 0, localprcf 100, weight 32768. valid, sourccd, local, best 
Community: I oca I- AS 

R5f*Sh ip bgp 

BGP tabic version is 16, local router ID is 5.5.5.5 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

r RIB -failures Stale 
Origin codes: i - 1C3P, c - EGP, ? - incomplete 
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Network 


Next Hop 


Metric LocPrf Weight Path 


*> 2.0.0.0 


ia 135.3 


2300 i 


*> 4.0.0.0 


10.1.35.3 


2300 400 i 


*> 5.0.0.0 


0.0.0.0 


32768 ■ 



Task 5 

Rl is advertising network 1.0.0.0 which has an attached community attribute of "no- 
advertisc*" to R2 (Task 2). Router R2 should be configured to advertise network 1 .0.0.0 to 
all of its 1BGP and EBGP peers. You should utilize a well known community attribute to 
accomplish this task. 



On R2 

Note before configuring R2, we should display the prefix in BCiP as follows: 

R2*Showipbgp 1. 0.0.0 

BCjP routing table entry for 1.0.0.0/8, version 6 

Paths: (1 available, best #1, table Default- IP- Routing-Table, not advertised to any peer) 
Not advertised to any peer 
100 
10.1.12.1 from 10.1.12.1 (1.1.1.1) 

Origin IGP, metric 0, localprcf 100, valid, external, best 
Community: no-advertise 

R2 can be configured to assign a \\ell kmmn community of "Internet'" to this 
network, when the "Internet" community is assigned to a network, that network will 
be advertised to all peers. 

Tij u ■ :■ 3 1 llijtiru: 

Noti 1 bdori 1 configuring an iiiTi-ss-list. ah\avs perform a "Slum 

;n:iL'iL-ss-]is t" 1 command to ensure t J l -it an existing ac^ ess-list wil not get 
overridden. 

R2(config)#acccss-list 1 permit 1.0.0.0 

R2(configteroutc-map 1ST permit 10 
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R2(conf]g-routc-inap)#match ip addr 1 

R2 (con fig-route- map )#sct community Internet 

R2 (con fig)#ro Liter bgp 23 00 
R2(config-routcr)#ncighbor 10.1. 12.1 route-map TST in 



Tu verify the configuration: 



On R2 

R2*Sho\v ip bgp 1.0.0.0 

BGP routing tabic entry lor 1.0.0.0 8,, version 2 

Paths: (1 available, best #1, table Detail It -IP-Routing-Table) 

Advertised to update-groups: 

I 2 

100 
10.1.12.1 from 10.1.12.1 (1.1.1.1) 

Origin 1GP, metric 0, localprcf 100, valid, externa!, best 
Community: internet 

On K4 

R4"Sho\v ip bgp 

BGP tabic version is 22, local router ID is 4.4.4.4 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

rRlB-lailurc, S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 

*> 1.0.0.0 10.1.24.2 2300 100i 

*> 2.0.0.0 10.1.24.2 2300 i 

*> 3.0.0.0 10.1.24.2 023001 

*> 4.0.0.0 0.0.0.0 32768 i 

*> 5.0.0.0 10.1.24.2 2300 500i 

On K3 

R3"Sh ip bgp 

BGP table version is 14, local router ID is 3.3.3.3 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal. 
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rPJB- 


■failure, S Stale 






Origin codes: 


i-]GP,c-EGP 


? - incomplete 


Network 


Next Hop 


Metric LocPrf Weight Path 


*>iL0.0.0 


10. 1.12.1 





100 100 i 


*>i2 .0.0.0 


10.1.23.2 





100 i 


*> 3.0.0.0 


0.0.0.0 


(1 


32768 i 


*> i4.0.0.0 


1 ft 1 .24.4 





100 400 i 


*> 5.0.0.0 


10.1.35.5 





500i 



Task 6 

Erase the startup config and reload the routers before proceeding to the next task. 

Task? 

Configure the routers according to the diagram/chart below and use the IP addressing and 
AS numbering identified in the chart. 
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S 



AS 100 



■v. 




Lab Setup: 

> Configure the routers that are connected to the frame-relay clouds in a po int-to- 
point manner. 

> R l should have two point-to-point sub- interfaces, one connecting to R2 and the 
other eonnccting to R3. 

> R2 and R3 should be configured with a single point-to-point connection to R l 
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II* a ililt T'ssing: 



Router 


Interface 


IP Address 


AS nu in her 


Rl 


LoO 


1.1.1.1 8 


100 




SO G.I 2 


10.1.12.1 ,24 






SO 0.13 


10.1.13.1 24 




R2 


LoO 


20.1.2.2 24 


200 




Lol 


20.13.2 £4 






SO/0.21 


10.1.12.2/24 




R3 


LoO 


30.1.2.3/24 


300 




Lol 


30.1.3.3/24 






SO 0.31 


10.1.13.3 ,24 





On Rl 

R 1 (config')#ro titer bgp 100 
Rl (config-routcr)#nctw 1.0. 0.0 
Rl(config-router)#no au 
R I (c onfig-rou tcr)#ncighbor 
R 1 iconfi£-routcr)#ncighbor 

On R2 



0.1.12.2 rcmotc-as 200 
0.1.13.3 rcmotc-as 300 



R2(config-ii>routcr bgp 200 

R2k:onfig-rotitcr)#no au 

R2i;c onfig-rou ier)# net work 20.1.2.0 mask 255.255.255.0 

R2i:config-routcr)*nct\vork 20.1.3.0 mask 255.255.255.0 

R2(config-routcr)#ricighbor 10.1.12.1 rcmotc-as 100 

On K3 

R3(config-ii> ! ro titer bgp 300 

R 3 (c o n fig -ro u t er) * no au 

R3i;config-routcr)snctw 30.1.2.0 mask 255.255.255.0 

R3fconfig-roLitcr)#nctw 30. 1.3.0 mask 255.255.255.0 

3(config-routcr)#ncighbor 10.1.13. 1 rcmotc-as 100 

'i'o verify the conf'iauratiiHi: 
On Rl 



R l-Shuv. :p bgp 
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BGP tabic version is 6, local router ID is 1 .1 . 1 . I 


Status codes: s 


suppressed, d damped, h history, * valid, > best, i - internal, 


r RIB- 


failure. S Stale 




CD rig in codes: i 


- IGP.e-EGP, 


? - incomplete 


Network 


Next Hop 


Metric LocPrf Weight Path 


*> 1.0.0.0 


0.0.0.0 


32768 i 


*> 20. 12.0/24 


10.1.122 


200 i 


*> 20. 1.3.0/24 


10.1.122 


200 i 


*> 30. 12.0/24 


10.1.13.3 


300 i 


*> 30. 1.3.024 


10.1.13.3 


30 Oi 



Task8 

Ensure that Rl uses AS 200 to connect to networks in subnet 2 (20.1.2.0 24 and 30.1.2.0 
.24) and AS 300 to connect to networks in subnet 3 (20.1 .3.0 .24 and 30. 1.3.0 /24). You 
must use community tags in AS 200 and 300 and neighbor commands on Rl to 
accomplish this task. 



On R2 

R2(config)#acccss-list 2 permit 20. 1.2.0 0.0.0255 

R2(eonfig)#access-list 3 permit 20. 1.3.0 0.0.0255 

R2(config)#routc-map TST permit 10 
R2 (con ilg-routc- map )#match ip addr 2 
R2(config-routomap)#!ict community 2 

R2 (c o n fig )# rout c- map TST perm it 20 
R 2 1 c o n fig -r o u t c- map ) U mate h ip ad d r 3 
R2(config-routc-map)#sct community 3 

Note the above command "set community" tags the route's identified in the access- 
list. 

R2 1 eonfig)#ro utc-map TST permit 30 

R2(config)#routcrbgp 200 
R2(config-routcr)n : neiyhl>or 10.1.12.1 send-eommunity 
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R2(config-routcr)#neighhor 10.1.12.1 route-map TST out 

On K3 

R3i;config)#acccss-list 2 permit 30.1.2.0 0.0.0.255 

R3(config)#acccss-list 3 permit 30. 1.3.0 0.0.0.255 

R3(config)#routc-map TST permit 10 
R3(config-routc-map)#match ip addr 2 
R3(config-routc-map)#sct community 2 

R3(config)#routc-map TST permit 20 
R3 (con fig-route- map )#match ip addr 3 
R3 ( c o n fig -ro u t c- map )# set c o m mu n ity 3 

R3(config)#roLitc-map TST permit 30 

R3(config)#routcrbgp 300 

R3(config-rautcr)#ncighbor 10.1.13.1 send- community 
R3 f c o n fig-ro u tcr)#ncighbo r 10.1.13.1 route- map TST o u t 

Note Rl can display the routes via their assigned community tags: 

On Rl 

Rl#5how ip bgp community 2 

BGP tabic version is 1 8, local router ID is I . I . I . I 

Status codes: s suppressed, d damped, h history. * valid, > best, i - internal, 

r RIB -failure, S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 

*> 20. 1 2 .0/24 10.1.122 " 200 i 

*> 30. 1 .2.0 '24 1 0. 1 . 1 3.3 300 i 

Note these are the routes that R2 and R3 tagged using community 2. 

Rl#Sho\v ip bgp community 3 

BGP tabic version is 18, local router ID is 1. 1 . 1 . 1 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
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r RlB-failure r S Stale 
Origin codes: i- 1GP. e - EGP. ? - Incomplete 

Network Next Hop Metric LocPrf Weight Path 

*>20.1.3.0'24 10. J .12.2 200 i 

*> 30.1. 3.024 1 0.1. 1 3. 3 300 s 

Nate these are the routes that R2 and R3 tagged using community 3. 

On Rl 

RI(config)r*ip community- list standard TST2 permit 2 

RI(config)rip community-list standard TST3 permit 3 

Rl is identifying the community tags using a community- list. This is like writing an 
access-list to identify a given route's. 

RI(cofifig)*Toute-iTiap TEST permit 10 

R I (config- route-map )£ match community TST2 

Rl(conftg-route-map)r*sct ip nest-bop 10. J. 12. 2 

RI(config)#route-map TEST permit 20 

R I (config- route-map )~match community TST3 

R I (config- route -map )£ set ip next-hop 10. J. 13. 3 

R I (config) Mroute -map TEST permit 30 

The communities are matched and the policy is assigned. 

RI('config)rTouterbgp 100 

RI(confIg-router)&neighbor 10. 1 .12.2 route-map TEST in 

RI(config-router)£neighbor 10. 1 .13.3 route-map TEST in 

The policies are applied to the neighbors using the "neighbor route-map" 

commands. 

Do not try to test reachability to the network through the newly assigned next hop 

IP addresses, the purpose of this I ah is to understand the scope of the community 

attributes and its uses. To verify this lab enter "Show ip bg p" to see the next hop 

attribute. 

R I "Show :p bgp 

BGP table version is 6. local router ID is 1 . 1 . 1. 1 
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Status codes: s 


suppressed, d damped, h history, 


* valid, > best, i - internal, 


rRlB- 


failure. S Stale 








rig in codes: i 


-IGP«e-EGP, 


? - incomplete 






Network 


Next Hop 


Metric LocPrf 


Weight 


Path 


*> 1.0.0.0 


0.0.0.0 





32768 


i 


*> 20. 1.2.0/24 


10.1.12.2 


{'! 





200 i 


*> 20. 1.3 .0/24 


10.1.13.3 








200 i 


*> 30. 1.2.0/24 


10.1.12.2 


!) 





300 i 


*> 30. 1. 3.0 '24 


10.1.13.3 








300 i 



Task 9 

Erase the startup con tig and reload the routers before proceeding to the next lab. 
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Lab 7 - BCP Cost Community 



AS 100 




AS 200 



Lab Setup: 

> Configure Rl to be the hub and R2 and R3 to be the spokes, the frame-relay 
routers should be configured in a point-to-point manner. 

> RlPv2 should be used to provide NLR] tor the links. The loopbackO interfaces of 
R2, R3 and R4 should also be advertised in RIPv2 routing protocol. 

> The FQ.'O interface of R2, R3 and R4 should be configured in VLAN 234. 
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> Use the fo Hawing 1 P addressing e hart for IP addressing assignment 



IP addressing: 



Router 


Interface IP address 


Rl 


SO 0.12= 10.1.12.1 24 
SO. 0.13= 10.1.13.1 ;24 
LoopbackO = 1.1.1.1/8 
Laapback I = 100.1. 1.1 .24 
Loopback2=200.1.l.l 24 


R2 


SO/11.21 = 10.1.12.2/24 
F00 = 10.1.234.2 -'24 
LoopbackO = 2.2.2.2 8 


R3 


SO. 0.31 = 10.1.13.3 24 
F0 = 10.1234.3 "24 
LoopbackO = 3.3.3.3/8 


R4 


F0/0= 10.1.234.4 -'24 
LoopbackO = 4.4.4.4 /8 



1 ask 1 

Configure Rl in AS 100, this router should establish an EBGP peer session with R2 and 
R3 in AS 200, Rl should advertise it's Lol and Lo2 interlace in BGP. All BGP routers 
should use their loopback interface as their router-id. 



On Rl 

R 1 (config)#ro utcr bgp 100 

Rl (con fig-rout er)#bgp router-id 1 . 1 . 1. 1 

Rl (config-routcr)^no auto-summary 

R 1 ( c o n fig-r o u t cr)#ncigh 1 . 1 . 1 2 2 rcrno tc- as 2 
Rl(config-routcr)#ncigh 10.1.13.3 remote- as 200 

Note in BGP iff the auto summary is disabled, then a sub net ted network should be 
advertised using the mask keyword followed by the correct mask. 
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Rlfconilg-routcr)* network 100.1. 1.0 mask 255.255.255.0 
Rl rconfig-routcr)#nctwork 200. 1 .1.0 

On R2 

R2 (c o n figure liter bgp 20 
R2(config-routcr)#bgp router-id 2.2.2.2 
R2(config-routcr)#no auto-summary 

R2i;config-router)#ncighbor 10.1.12.1 rcmotc-as 100 

On 1*3 

R 3 (c o n figure u tcr bgp 200 
R3(config-routcr)rrbgp routcr-id 3.3.3.3 
R 3 (c o n fig-ro u tcr)#no aut o - su mmary 

R3 icon fig -routcr)#ncighbor 10.1.13.1 rcmotc-as 200 



To vl'i itv the configuration: 



On kl 

Rl#Show ip bgp summary 

BGP router identifier LI XI, local AS number 100 

BGP tabic version is 3, main routing tabic version 3 

2 network entries using 234 bytes of" memory 

2 path entries using 104 bytes of memory 

2 1 BGP path bestpath attribute entries using 248 bytes of memory 

BGP route- map cache entries using bytes of memory 

BGP filter-list cache entries using bytes of memory 

BGP using 586 total bytes of memory 

BGP activity 20 prefixes, 2/0 paths, scan interval 60 sees 

Neighbor V AS MsgRcvd MsgScnt TblVer InQ OutQ Up/Down Statc'PfxRcd 
10.1.122 4 200 4 5 3 £30:01:34 

10.1.13.3 4 200 4 5 3 00:00:20 

Rl#Show ip bgp 

BGP tabic version is 3, local router ID is 1 . 1 . 1 . I 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
rRlB-iailurc, S Stale 
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Origin codes: i 


- IGP, c - EGP, ? - incomplete 


Network 


Next Hop Metric LocPrf Weight Path 


*> 100.1.1.024 0.0.0.0 32768 i 


*> 200. 1.1.0 


0.0.0.0 32768 i 


On R2 




R2#Show ip b^ 


£ 


BGP table version is 3, local router ID is 2.2.2.2 


Status codes: s 


suppressed, d damped, h history, * valid, > best,, i - internal, 


rRlB- 


failure, S Stale 


Origin codes: i 


- IGP, c - EGP, ? - incomplete 


Net wort: 


Next Hop Metric LocPrf Weight Path 


*> 100.1.1.0 24 10.1.12.1 1 00 i 


*> 200. 1.1.0 


10.1.12.1 100 i 


On R3 




R3£Show ip b^ 


il 


BGP table version is 3, local router ID is 3.3.3.3 


Status codes: s 


suppressed, d damped, h history, * valid, > best, i - internal, 


rRlB- 


failure, S Stale 


Origin codes: i 


- IGP, c - EGP, ? - incomplete 


Net wort 


Next Hop Metric LocPrf Weight Path 


*> 100.1.1.0 24 10.1.13.1 100 i 


*> 200. 1.1.0 


10.1.13.1 100 i 



I ask 2 

Configure an 1BGP peer session between R2, R3 and R4; these routers should establish 
their peer session based on their Loopback interface. 



On R2 

R2 (c o n fig )#ro u tcr bgp 20 
R2(config-routcr)#ncighbor 3.3.3.3 rcmotc-as 200 
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R2(conilg-routcr)#neighbor 3.3.3.3 updatc-sourcc loO 
R2(config-router)r*ncjghbor 4.4.4.4 rcmotc-as 200 
R2(config-routcr)#ricighbor 4.4.4.4 updatc-sourcc loO 








On R3 








R3(config)#routcrbgp 200 
R3(config-router)#neigM>or2 s Z2,2 rcmotc-as 200 
R3('config-routcr)#ncighbor 2.2.2.2 updatc-sourcc loO 








R3(conf]g-routcr)#ricighbor 4.4.4.4 rcmotc-as 200 
R3(config-roiiter)#neighboi 4.4.4.4 updatc-sourcc loO 








On R4 








R4 (e o n fig)#ro u t cr bgp 20 
R4(config-routcr)#no auto-summary 
R4(config-routcr)r*bgp routcr-id 4.4.4.4 








R4 i "c o n fig-ro u tcr)#ncighbo r 2 . 2. ?. 7 rcmo t o as 20 
R4(config-routcr)#ncighbor 2.2.2.2 updatc-sourcc loO 








R4(config-router)#ncighbor 3.3.3.3 rcmotc-as 200 
R4iconfig-routcr)#ricighbor 3.3.3.3 updatc-sourcc loO 








To verify the configuration: 








On R2 








R2#Show ip bgp summ 








BGP router identifier 2.2 .2.2, local AS number 200 

BGP table version is 3, main routing tabic version 3 

<snip> 

Neighbor V AS MsgRcvd MsgScnt TbIYcr InQ OutQ L'p/Down 

3.3.3.3 4 200 7 7 3 00: 02:44 

4.4.4.4 4 200 5 6 3 00:01:27 
1 0.1. 1 2.1 4 100 31 30 3 00:27:38 


State PtxRcd 

2 


2 






On K3 








R3"Show ip bgp summ 








BGP router identifier 3.3.3.3, local AS number 200 






cc 
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BGP tabic version is 3, main routing tabic version 3 

2 network entries using 234 bytes of memory 

4 path entries using 208 bytes of memory 

3/1 BGP path bestpath attribute entries using 372 bytcsof memory 

I BGP AS- PATH entries using 24 bytes of memory 

BGP route-map cache entries using bytes of memory 

BGP filter-list caehc entries using bytes of memory 

BGP using 838 total bytes of memory 

BGP activity Z'O prefixes, 4/0 paths, scan interval 60 sees 



Neighbor 
22.2.2 
4.4.4.4 
10.1.13.1 



On R4 



V AS MsgRcvd MsgSent TblVcr InQ OutQ Up Down State PlxRcd 

4 200 12 12 3 00:07:55 2 

4 200 9 10 3 00:05:59 

4 100 36 35 3 00:31:36 2 



R4#Show ip bgp summ 

BGP router identifier 4.4.4.4, local AS number 200 

BGP table version is 3, main routing table version 3 

2 network entries using 234 bytes of memory 

4 path entries using 208 bytes of memory 

2/1 BGP path bestpath attribute entries using 248 bytes of memory 

1 BGP AS- PATH entries using 24 bytes of memory 

BGP route- map cache entries using bytes of memory 

BGP filter-list cache entries using bytes of memory 

BGP using 714 total bytes of memory 

BGP activity 20 prefixes, 4/0 paths, scan interval 60 sees 



Neighbor V AS MsgRcvd MsgSent TblVcr InQ OutQ Up. Down State 1 ? fitRod 
22.2.2 4 200 15 14 3 00:10:40 2 

3.3.3.3 4 200 15 14 3 00: 10:01 2 



Task 3 



Configure R2 and R3 to result the following output: 
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On R2 










R2#Show ip bgp 


b Network 








Network 


Next Hop 


Metric LocPrfW 


eight Path 




*i 100. 1.1. 0/24 


3.3.3.3 


100 


100 i 




*> 


10.1.12.1 





100 i 




* i200. 1.1.0 


1 -| -| T 

*t ""i 1 "h 


100 


100 i 




*> 


10.1.12.1 





100 i 




On R3 










R3#Show ip bgp 


b Network 








Network 


Next Hop 


Metric LocPrfW 


eight Path 




*i 100. 1.1. 024 


2,2.22 


100 


100 i 




*> 


10.1.13.1 





100 i 




* .200.1. 1.0 


--■-'-' 


100 


100 i 




*> 


10.1.13.1 





100 i 




On R4 










R4#Show ip bgp 


b Network 








Network 


Next Hop 


Metric LocPrfW 


eight Path 




* ilOO.1.1.0 24 


-i -i m i 
JJJJ 


100 


100 i 




*>i 


7 7 7"! 


100 


100 i 




* 1200.1. 1 .0 


~i T ^ 1 

■* *S *S ^ 


100 


100 i 




*>i 


:.:.:.: 


100 


lOOi 






On R2 














R2(config')#ro Liter bgp 200 












R2 (con fig -router 


)#ncighbor 3 


3.3.3 ncxt-hop-sclf 










R2 (con fig-ro lit cr)# neighbor 4.4.4.4 next- hop- self 










On R3 














R 3 (c o n figure u tcr bgp 20 












R3(config-routcr 


)#ncighbor 2 


2.2.2 ncxt-hop-sclf 










R 3 (eon fig -router 


Jr^ncighbor 4.4.4.4 ncxt-hop-sclf 








CCIE R&<> bj Nartnk Kocharians 


Advanced CCIE R&SV 


hark Book 2.0 


Page "42 of 1068 






C 2009 Virbik Kucha rum. All rhjIiU reserved 















To verify the cunfimiratiun: 








On R2 








R2#Show ip bgp b Network 








Network Next Hop Metric LocPrfWcight Path 
* ilOO.l. 1.0^4 1,1,1.1 100 TOO i 
*> 10.1. 12. 1 100 i 
*i20O.I.ljG 1.1,11 100 OlOOi 
*> 10.1.12.1 100 i 








On R3 








R3#Show ip bgp h Network 








Network Next Hop Metric LocPrf Weight Path 
*i 100. 1.1. 0/24 2,7,7,2 100 O lODi 

*> 1 0.1.1 3.1 OlOOi 
*i200. 1.1.0 22.2.2 100 100 i 
*> 1 0.1.1 3.1 OlOOi 








On R4 








R4#Show ip bgp b Network 








Network Next Hop Metric LocPrfWcight Path 
* i 100. 1 . 1 ,0/24 3.3. 3.3 100 100 i 
*>i 222.2 100 OlOOi 
*ia0O.l.ljQ 3,1 1 3 100 100 i 
*>i 7,7,7,2 100 OlOOi 






Task 4 




Configure R4 such that if a "Show ip bgp | b Network" command 
the output of the following: 


is entered, it matches 


On R4 




R4#Show ip bgp b Network 
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X ct w ork Next Hop M etrie L ocP if Weigh t Path 

*>ilO0. 1.1.0/24 3.333 100 100 i 

*i 2.2.22 UK) OlOOi 

* 1200.1. 1.0 3.3.3.3 100 OlOOi 

*>i 1112 100 100 ] 



In this scenario, the cost extended community attribute is used. 
£■ Cost is an extended community attribute 

> It's a Non-Transitive extended community attribute that alhms you to 
customize the local mute preference t>hich can influence the best path 
selection pit) cess 

> This attribute is applied by configuring the "Set extcommunity cost'" 
command, using a route-map. This command is configured with a cost 
community id (0-255) and a cost value (0-4.29 Billion) with a default cost 
value of 2.145 Billion. The lower value has more preference, but the hmer 
EASl community id value is used as the tie breaker. 

On K4 

The following identifies the prefix: 

R4(config)Saecess-list 1 permit 100.1.1.0 0.0.0.255 

A route-map matches the access-list and applies the extcommunity cost attribute 
with tiff* numbers, the first number is the community id and the second number is 
the community value. 

R4 (con fig )r#Ro utc- map TST permit 10 
R4 (con fig-route- map)" match ip address 1 
R4(conllg-ro utc- map) s Set extcommunity cost 1 1 

R4 (c o n fig-ro u tc- map )# route- map TST per 20 

Lastly, it's applied by the neighbor command: 

R4 (eon fig-ro u t c- map )# router bgp 200 
R4(config-routcr)# neighbor 3.3.3.3 route-map TST in 
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Task 5 

Erase the startup configuration and reload the routers before proceeding to the next lab. 
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Lab 8- 


- BGP & Load Balancine-I 






S 



/ 



AS 100 N 10i1 . 1i0/24 AS200 



LcC 



\ 



V 



v 




■', 



/ 



J \ 

10.2.2.0/24 



Lot) 




--■. 



/ 



---' 



l.al> Set up: 

> Configure FO/0 interlace of Rl and R2 in VLAN 1 00 
r Configure FO/I interlace of Rl and R2 in VLAN 200 

> Use the IP addressing chart for IP address assignment 



II* addt Lssin": 



Router 


Interlace/ IP address 


Rl 


F0 = I O.I. 1.1 .'24 
FO'l =10.22.1 ;24 
LoopbackO = 1. 1.1.1 % 


R2 


F0/0 = 10.1.1.2/24 
FflWJ =10.2.2.2 /24 
I.oopbackO = 2.2.2.2 ffl 



CCIE R&5> by Narvik Kucharians Advanced CCIE R&S Work Book 2.0 

C2009 Varbik Kucha rianx All rijjhu rciervcil 



Page 746 of 1068 



Task 1 

Configure an EBGP peer session between Rl and R2 ensure that these routers perform 
load balancing using the two links. Use an 1GP of your choice. 



In this topology since the routers are directly connected, the load balancing can he 
performed if the EBGP peer session is established based on the loophack interface of 
the routers, up to 6 equal cost paths can be used. RIP 1 .! was chosen lis (Iil 1 ICiP, 

On Rl 



R 1 (configure utcr bgp 1 00 

Rl (config-routcr)#no auto-summary 

Rl (c o nfig-ro liter )# neighbor 2.2.2.2 remote- as 200 
Rl(eonfig-router)#ncighbor 2.2.2.2 cbgp-mu'itihop 2 
Rl (con fig-rout cr)#ncighbor 2.2.2.2 update-source loO 

R 1 (configure Liter rip 

R I (config-routcr)#no auto-summary 

Rl (config-routcr)#vcr 2 

Rl (config-router)#nctwork 10.0.0.0 

R 1 (config-rou tcr)#nctwork 1 . 0.0.0 

On R2 

R2(config)#routcrbgp 200 
R2(eonfig-roLi tcr)Trno auto-summary 

R 2 1 c o n fig -r o u t cr )#ncighbo r 1.1.1.1 remo tc- as 1 
R 2 1 c o n fig -r o u t cr)#ncighbo r 1.1.1.1 u p d at c - so u rcc loO 
R2(config-router)#ncighbor 1 . 1. 1. 1 cbgp-mu'itihop 2 

R2(config)#ro Liter rip 
R2(config-routcr)#no auto-summary 
R2 (c o n fig-ro u t er)# vcr 2 
R2 (c o n fig-ro u ier)# net wo r k 10. 0. 0. 
R2(config-roiitcr)rrnctwork 2. 0.0.0 



To verify the configuration: 



On Rl 



Rlr*Sh in ban summ 
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BGP router identifier 1.1.1.1, local AS number 100 
BGP tabic version is 1, main routing table version 1 






Neighbor V AS M 
22.2,2 4 200 


sgRcvd MsgScnt 

7 " 8 


THVcr 

1 


InQ QutQ Up/Down Statc/PfxRcd 
00:01:07 


On Kl 












Rl#Showip route rip 












R 2.0.0.0 8 [120/1] via 
[120/1 J via 


10.2.22, 
10.1.1.2, 


00:00:03 
00:00:27 


FastEthcmctO/1 
, FastEthcrnctO/0 




On R2 












R2#Show ip route rip 












R 1.0.0.0/8 [ 120/ lj via 
[120/1 J via 


102.2.1, 

10.1.1.1. 


00:00:19 
00:00:03 


FastEthcmctO/1 
, FastEthcrnctO/0 




To test the configuration: 










On kl 












RItfTraccroutc 2.2.2.2 












Type escape sequence to abort. 
Tracing the route to 2.2.2.2 










1 107? 2 4 msec 
10.1.1.2 4 msec * 












On R2 












R2*Traccroutc 1.1.1.1 












Type escape sequence to 
Tracing the route to I.I. 


abort. 

.1 










1 10.2.2.1 msec 
10.1.1.1 msec * 
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Task 2 

Erase the startup configuration and reload the routers before proceeding to the next lab. 
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Lab 9 - BGP & Load Balancing-II 



AS 100 



/ 



/ 



\ 



X 




10.1^3-0/24 



AS 200 



N 



\ 



/ 



.-'• 



Lab Setup: 

> Configure R! as the hub and R2 and R3 as the spokes, all frame-relay links 
should bcconfigurcd in a point-to-point manner. 

> Configure FGV0 interface of R2 and R3 in VL AN 23. 

> Use the IP addressing eh art for IP addressing assignment. 
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II J addt Lssinjj; 



Router 


Interface ■' IP address 


Rl 


SO 0.12= 10. 1. 12.1 24 
SO 0.13= 10. 1.1 3.1 ,'24 
LoopbackO = 1. 1.1.1 8 


R2 


SO/0.21 = 10.1.12.2 "24 
FO0 = 10.1.23.2/24 


R3 


SO 0.31 = 10.1.13.3 .'24 
FO/0 = 10.1.23.3/24 
LoopbackO = 3.3.3.3/8 



1 ask 1 

Configure Rl in AS 100 to establish EBGP peer sessions with R2 and R3 in AS 300. R2 
and R3 shoiud advertise nctw 10.1.23.0 .24 in BGP. 



On Rl 








Rl (config-routcr)**rautcrbgp 100 




Rl (config-routcr)r*no auto-summary 




R 1 (con fig-ro utcr)#ncighbor 


10.1 


12.2 rcmotc-as 


200 


R 1 (config-ro Liter) ^neighbor 


10.1 


13.3 rcmotc-as 


200 


On R2 








R2i;config)?*ra Liter bgp 200 








R2(config-rou tcr)#no auto-summary 




R2iconfig-routcr)r*\ct\vork 


10.1. 


23.0 mask 255. 


255.255.0 


R2 (c o n fig-ro u t cr )# ncighbo r 


10.1 


12.1 rcmotc-as 


100 


R2 (c o n fig-ro u t cr)?* ncighbo r 


10.1 


.23.3 rcmotc-as 


200 


On R3 








R3(config)#routcrbgp 200 








R 3 (c o n fig-ro u tcr)r* no aut o - su mmary 




R3(config-routcr)r* network 


10.1. 


'3.0 mask ">55.255.255.0 


R 3 (c o n fig -ro u t cr)** ncig hb o r 


10 J 


13. 1 rcmotc-as 


100 
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R3(config-routcr)#ncighbor 10.1.23.2 rcmotc-as 200 
'l'o verify the configuration: 

On Kl 

R1*Sh ip bgp 

BGP tabic version is 2, local router ID is I . I . I . I 

Status codes: s suppressed, d damped;, h history, * valid, > best, i - internal, 

r Rl B - tail ore, S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 

* 10.1.23.0 24 10.1.122 " 200 i 

*> 10.1.13.3 200 i 

RlftShow ip route b Gateway 

Gateway of last resort is not set 

C I .O.O.O'S is directly connected, LoopbackO 

10.0.0.0/24 is subnetted, 3 subnets 
C 1 0. 1 .1 3.0 is directly connected, ScrialO'O. 13 
C 1 0. 1 . 1 2.0 is d ircctly connected, Scrial0/0. 1 2 
B 10.1.23.0 (20/01 via 10.1.13.3,00:03:32 



Task 2 

Configure Rl such that it uses both neighbors ( R2 and R3) to perform an equal cost load 

balancing. 



Note BGP will ONLY use one path to a given destination: therefore, it does not 
perform load balancing amongst multiple equal cost paths. The "maximum-paths'' 
command can he configured to change this behavior. 

On Kl 



R 1 (c o n fig)#ro uter bgp 10 

Rl (con fig -routcr)#maxi mum- paths 2 
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To verify the configuration: 

On Rl 
RlgShgw ip bgp 

BGP tabic version is 3, local router ID is 1 . 1 . 1 . I 

Status codes: s suppressed, d damped;, h history* * valid* > best* i - internal* 

r RIB -failure, S Stale 
Origin codes: i - 1GP, e - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 

*> 10. 1.23.0 24 10.1.12.2 ~ 200 i 

* 10.1.13.3 200 i 

Rlr^Show ip route h Gateway 

Gateway of last resort is not set 

C 1.0.0.0/8 is directly connected. LoopbackO 

1 0.0.0. 0/24 is subnet .ted. 3 subnets 
C 1 0. 1 . . 1 3 .0 i s d ircc tly co n n cc t cd , ScrialO/0 . 1 3 
C 1 0. 1 . 12.0 is directly connected, ScrialO/0. 12 
B 10.1.23.0 [20/01 via 10.1.13.3, (10:00: IS 
[20/01 via 10.1.12.2,00:00:18 

Note Rl is performing equal cost load balancing across the hvo links. 



Task 3 

Erase the startup configuration and reload the routers before proceeding to the next lab. 
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Lab 10 - BGP Unequal-Cost Load Balancing 



s 



/ 



/ 



AS 100 

10.1.1.0/24 




AS 100 



■s 



=0/01.1 



10.1.1.0/24 



\ 



\ 



\ 




\ 



AS 200 



/ 



N 



\ 



/ 



/ 



---. 
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Lab Setup: 

> Configure F ().'() interface of Rl. R2, R3 and R4 should be configured in VLAN 
100. 

> Configure the frame-relay connections in a pa int-to-puint manner. 
S* Use the IP addressing chart below for IP address assignment. 

IP aililfL'ssina: 



Router 


Interface IP address 


VLA>" 


R I 


F0 = IO.i.i.1 24 


100 


R2 


F0/0 = 10.1.1.2/24 
SO/0.25 =10.1.25.2/24 


100 


R3 


SO. 0.35= 10.1.35.3/24 
F0 = 10. 1.1.3 24 


1 00 


R4 


F00 = 10.1.1.4/24 
SO/0.45 =10.1.45.4/24 


100 


R5 


SO 0.54= 10.1.45.5/24 
SO/0.53 = 10.1." V24 
SO/0-52 =10.1.25.5/24 
Lo0 = 5.5.5.5/8 





Task I 



Configure peering according to the diagram. 



On Rl 










R 1 (config)#ro utcr bgp 100 










R 1 iconf]g-routcr)#ncighbor 


10.1 


1.2 


remote 


100 


R 1 (c o n fig-ro u tcrj^ncighbo r 


10.1 


1.3 


remote 


100 


R 1 ( c o n fig-ro u t cr)#ncighbo r 


10.1 


1.4 


remote 


100 


On R2 










R2(config)n i routcr bgp 1 00 
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R2(config- 
R2(config- 
R2 (eon fig- 
R2 (con fig- 
R 2 (con fig- 


router)?* no au 
routcr)#ncighbor 
router)?* neighbor 
router)?* neighbor 
routcr)Trneighbor 


I0.I.I.I remote 100 

10.1. 1.3 remote 100 

10.1. 1.4 remote 100 
10.1.25.5 remote 200 


On R3 








R3 (c o n fig)#ro u t cr bgp 1 00 
R 3 (c o n fig-ro u tcr)# no au 
R3(config-routcr)r# neighbor 
R 3 (c o n fig-ro u t cr) # ncighbo r 
R 3 (c o n fig-ro u tcr)#ncighbo r 
R3(config-routcr)#neighbor 
R3( con fig-ro utcr)rr neighbor 


10 
10 
10 
10 
10 


1.1.1 remote 100 

1.1.2 remote 100 
1. 1.4 remote 100 
Li<5 % remote WQ 
1.35.5 remote 2 00 


On R4 








R4 (c o n fig-ro ut cr bgp 100 
R4 (con fig-ro utcr)r*no au 
R4(config-routcr)n : neighbor 
R4 (c o n fig-ro u tcrjrr ncighbo r 
R4 (c o n fig-ro u tcr)# ncighbo r 
R4iconfig-routcr)r# neighbor 


10 
10 
10 
10 


1.1.1 remote 100 

1.1.2 remote 100 

1.1.3 remote 100 
1.45.5 remote 2 00 


On R5 








R5(config)#ro Liter bgp 200 
R 5 (con fig-ro Litcr)#no au 
R5 (con fig-ro u t cr)#ncighbo r 
R5 (c o n fig-ro li tcr)Tr ncighbo r 
R 5 (c o n fig-ro u t cr) r* ncig hb o r 
R5(config-roLitcr)rrnctwork '. 


10.1.25.2 remote 100 

10.1.35.3 remote 100 

10.1.45.4 remote 100 
5.0.0.0 


To vcrit\ 


the eonf'ijiunitn 


►n: 


On Rl 








Rl*Show 


p bgp b Network 




Network 
*i5. 0.0.0 
* i 


Next Hop 

10.1.25.5 

10.1.35.5 




Metric LocPrf Weight Path 
1 00 200 i 
1 00 200 i 
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Task 2 

Configure the border routers to change the next hop IP address to an internal IP address. 






On R2. R3 and R4 

R2(config)#ro Liter bgp 100 
R2(eonfig-routcr)r*rieighbor 10.1.1.1 next-hop-sdf 

To verity the configuration: 

(Jn Rl 

R ISShow ip bgp b Network 

Network Next Hop Metric LocPrf Weight Path 
*>i5 .0.0.0 10.1.1.2 100 200i 
*i 10.1.1.3 100 200 i 






Task 3 

Configure the routers in AS 1 00 such that Rl distributes traffic proportionally over the 
external links to reach prefix 5.0.0.0 '8, the load balancing should be done based on the 
bandwidth of the links between the border routers of this AS and AS 200. 






Tht unequal cost load balancing feature is used in conjunction with BGPmultipath 
feature to advertise the exit link's bandwidth as an extended community to IBGP 
peers, this feature is used for links between directly connected EBGP neighbors and 
available in I OS release 12.2(21.1 or better. 

To configure this feature, the following steps should be performed: 

1. Enable the BGP dmzlink-bw feature: 

This is accomplished by configuring the "BGP dmxlink-hw'" router 
configuration command, this must be configured on the border routers and 
the internal routers 

2. Configure BGP to include the link bandwidth value of the external interface 
in extended community so they can be propagated to IBGP peers. This is 
accomplished through the "Neighbor dmzlink-bw" muter configuration 
mode command. 




cc 
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Remember, for this feature to work, Rl must have an equal IGP cost and BGP 
attributes or else the feature will NOT work. Note the bandwidth of the links 
connecting the border routers R2, R3 and R4 to AS 200 is set to 64K, 128K and 
192K respectively. 

On Rl 



Rl*Showipbgp 5. 0.0.0 

BGP routing table entry tor 5.0.0.0/8, version 2 
Paths: (2 available, best #2, tabic Dcfau It-IP-Routing- Table) 
Flag: 0x820 
Not advertised to any peer 
200 
10.1.1 J from 10. 1.1.3 (10.1.35.3) 
Origin IGP, metric 0, localprcf 100. valid, internal 
200 
10.1.1.2 from 10.1.1.2(10.125.2) 
Origin 1GP, metric 0, localprcf 100, valid, internal, best 

RlsShowip route 5.0.0.0 

Routing entry for 5.0.0.0/8 
Known via "bgp 1 00", distance 200, metric 
Tag 200, type interna! 
Last update from 10.1.1.2 00:00:30 ago 
Routing Descriptor Blocks: 
* 10.1.1.2, from 10.1.1.2, 00:00:30 ago 

Route metric is 0, traffic share count is 1 

AS Hops 1 

Route tag 200 

Note BGP table identifies ONLY one of the routes as the best, in this case since al 
the attributes are equal, and the "BGP Bestpath compare- route rid'" command is 
NOT configured, the neighbor with the lowest IP address was chosen. 

To configure the task: 

On Rl 

The following allows the local router to have three equal IBGP cost paths: 

R 1 (eonfig^Routcr bgp 100 
Rl(config-routcr)"maxiinum-path ibgp 3 
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On R2. R3 and R4 

Rx(config)#ro utcr bgp 100 

Rxfconfig-routcr^neighbor 1(1.1.1.1 send- eo mm unity extended 

Rx(config-routcr)#bgp dmzlink-hvv 

On R2 

R2(config)#routcrbgp 100 

R2(config-routcr)# neighbor 10.1.25.5 dmzlink-bu 

On R3 

R3(config)#roLitcr bgp 100 
R3(config-roLitcr)#neighbor 10.1.35.5 dmzlink-bu 

On R4 

R4 (c o n figure liter bgp 1 00 

R4(config-routcr ^neighbor 10.1.45.5 dirudink-lm 

To vL'rit'y the configuration : 
On Rl 

Rl*Sho\vipbgp 5. 0.0.0 

BGP routing tabic entry for 5.0.0.0/8, version 2 

Paths: (3 available, best S2, tabic Dciault-lP-Routing-Tablc) 

Multipath: iBGP 

Flag: 0x820 

Not advertised to any peer 

200 

10. 1.1.2 from 10. 1.1.2 (10.125.2) 

Origin 1GP, metric 0, localprcf 100, valid, internal, multipath 
DMZ-UnkBw 8 kbytes 
200 
10.1.1.4 from 10.1.1.4(10.1.1.4) 

Origin 1GP, metric 0, localprcf 100, valid, internal, multipath, best 
DMZ-LinkB* 24 kbytes 

200 

10.1.1.3 from 10.1.1.3 (10.1.35.3) 
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Origin 1GP, metric D, localprcf 100, valid, internal, rnultipath 
DMZ-LinkBw 16 kbytes 

Rl*Shwip route 5.0.0.0 

Routing entry for 5.0.0.0. 8 
Known via "bgp 1 00". distance 200, metric 
Tag 200, type internal 
Last update from 10. 1.1.3 00504:46 ago 
Routing Descriptor Blocks: 
1 0.1.1 .4, fam 10.1. 1 .4, 00:04:46 ago 

Route metric is 0, traffic share count is 1 

AS Hops 1 

Route tag 200 
1 0. 1. 1 .3, Irani 10.1 . 1 .3, 00:04:46 ago 

Route metric is 0, traffic share count is 1 

AS Hops 1 

Route tag 200 
* 10.1.1.2, from 10.1.1.2, (X):04:46 ago 

Route metric is 0, traffic share count is 1 

AS Hops 1 

Route tag 200 

Note the traffic count is 1, in order to have the BGP table reflect on this counter, the 
"BGP d mil ink- bw" must be con figured, as follows: 

On Rl 



R 1 (configure liter bgp 1 00 

Rl (config-routcr)nbgp dm/link-hvi 

To verify the configuration: 
On Rl 

RlnShow ip route 5.0.0.0 

Routing entry for 5.0.0.0/8 
Known via '"bgp 100", distance 200, metric 
Tag 200, type internal 
Last update from 10. 1 . 1 .3 00: 00:40 ago 

Routing Descriptor Blocks: 

1 0. 1. 1 .4, from 1 0. 1 . 1 .4, 00:00:40 ago 
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Route metric is 0, traffic Share 


count 


is 2 




AS Hops 1 










Route tag 200 










10.1.1.3, irom 10.1.1.3, 


00:00:40 


ago 






Route metric is 0, traffic share 


count is 1 




AS Hops 1 










Route tag 200 










* 10.1.1.2, from 10.1.1.2, 


00:07:53 


ago 






Route metric is 0, trail 


c share 


count 


is 24 




AS Hups 1 










Route tag 200 










Note the feature does not 


work ur 


less it 


iS LilL 


hied. 



task 4 

Erase the startup configuration on all routers before proceeding to the next lab. 
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Lab 1 1 - Local-Preference -I 



AS 100 



/ 



••-. 




AS 200 



Lab Setup: 

> Configure the routers that arc connected to the frame-relay clouds in a no int-to- 
point manner. 

> Rl and R4's FGVO interface should be configured in VLAN 14. 

> R2 and R3's FO/0 interlace should be configured in VLAN 23. 
*> L'sc the following IP addressing chart for IP address assignment. 
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IE 



addressing: 



Router 


Interface 


IP Address 


AS number 


Rl 


LoO 
Lol 

SOU 12 
FO/0 


1.1.1.1 8 

1 I.I.I. 1 8 
10.1.12.1 .24 
10. 1. 1 4.1 24 


100 


R2 


LoO 
SO/0.21 

mm 


2,2,2,2/8 
10.1.12.2/24 
10.1.23.2 24 


200 


R3 


LoO 
FO/0 
SO 0.34 


1 1 1 I ,'M 

}JJJ .'0 

10.1.23.3.24 
10.1.34.3 24 


200 


R4 


i.i.ii:) 

FO/0 
S070. 43 


4.4.4.4 '8 
10.1.14.4 24 
10.1.34.4 24 


200 



1 ask 1 

Conligure routers R2. R3 and R4 :n AS 200. these routers should have III! mesh peer 
session between them. Routers R2 and router R4 should have EBC3P peer session to Rl in 
AS 100. BGP routers should ONLY advertise their kxjpbaek interface's in BGP. Provide 
XLR] lor the links using RlPv2, disable automatic summarization. 



On Rl 

R 1 (c o n fig- ii> ro ut cr bgp 1 00 
R I (c o n fig-ro u tcr)#no au 

Rlfeonfig-routcr)f*nc3ghbor 10.1.14.4 remote- as 200 
Rl (eon fig-ro utcr)#ncighbor 10.1.12.2 remote- as 200 
R 1 (c o n fig-ro u tcr)#nctw 1 1 . 0. 0. 
Rl ico n fig-ro utcr^nctw 1.0. 0.0 

R 1 ( c o n fig-ro u tcr rip 

R 1 (eon fig-ro utcr)#no au 

Rl (config-routcr)#vcr 2 

Rl (config-routcr^nctwork 10.0.0.0 

On R2 

R2i;eonfig,Wroutcr bgp 200 
R2lconfiy;-routcr)"no au 
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R2(config-routcr)#no syn 










R2(config-roLitcr)#nctw 2.0. 0.0 








R2 (c o n fig-ro u t er)# neighbor 


10.1 


12.1 


remote- as 


100 


R2 (c o n fig-ro u t cr)r*ncighbo r 


10.1 




remote- as 


200 


R2 fc o n fig-ro u tcr)#ncighbo r 


10.1 


34.4 


rcmotc-as 


200 


R2 (con figure utcr rip 










R2 (con fig-ro utcr)#no au 










R2 (c o n fig-ro u tcr)#vcr 2 










R2 (c o n fig-ro u tcr)#nct w 1 . 0, 0. 








On R3 










R3 (c o n fig-ro u t cr bgp 20 










R3(config-roLitcr)^no au 










R 3 (con fig-ro utcr)#no syn 










R 3 (c o n fig-ro u tcr)#nct\v 3 . 0. . 








R3(config-routcr)f* neighbor 


10.1 


34.4 


remote- as 


200 


R 3 (c o n fig-ro u t cr)#ncighbo r 


10.1 


23.2 


rcmotc-as 


200 


R 3 (c o n fig-ro u tcr rip 










R3 (con fig-ro utcr)# no au 










R 3 (c o n fig-ro u tcr)# vcr 2 










R 3 (c o n fig-ro u tcr)#nct\v 1 . 0. 0. 








On R4 










R4(config)#ro utcr bgp 200 










R4 (c o n fig-ro u tcr)#no syn 










R4(config-roLitcr)f#no au 










R4 (c o n fig-ro u tcr)#nctw 4 . 0. . 








R4 (c o n fig-ro u tcr)#ncighbo r 10.1 


34.3 


rcmotc-as 


200 


R4 (c o n fig-ro u t cr) #ncighbo r 


10.1 


23.2 


rcmotc-as 


200 


R4(config-routcr)f# neighbor 


10.1 


14.1 


rcmotc-as 


100 


R4(config)#ro Liter rip 










R4 (con fig-ro utcr)#no au 










R4 (c o n fig-ro u t ftr)# vftr 2 










R4(c onfig-rou tcr)nnct\v 1 0. D. 0. 
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Task 2 

Ensure that the routers in AS 200 use R4 to reach network 1 .0.0.0 .'8 in AS 1 00. Local- 
Pref attribute must be used to accomplish this task. 



Before this attribute is configured, the existing BGP table of the routers in AS 200 
should be examined, as followed: 

On Rl 



Rl*Sh ip bap 

BGP table version is 6, local router ID is 1 1 . 1 . 1 . 1 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

r RIB -failure, S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 



Network 


Next Hop 


Metric 


LocPrf Weight Pftd 


*> 1.0.0.0 


0.0.0.0 





32768 i 


* 2.0.0.0 


10.1.14.4 




200 


*> 


10.1.12-2 





200 


* 3.0.0.0 


10.1.12.2 




200 


*> 


10.1.14.4 




200 


* 4.0.0.0 


10.1.12-2 




200 


*> 


10.1.14.4 





200 


*> i 1.0.0.0 


0.0.0.0 





32768 i 


On R2 








R2#Sh in bap 









BGP table version is 6, local router ID is 222.2 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

rRlB-failurc, S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 



*i 1.0.0.0 


10.1.14.1 





100 


100 


*> 


10.1.12.1 


i) 




100 


*> 2.0.0.0 


0.0.0.0 







32768 i 


*>i3 .0.0.0 


1 0. 1 .23.3 





100 


Oi 


*>i4 .0.0.0 


1 0. 1 .34.4 





100 


Ml 


* ill. 0.0.0 


10.1.14.1 





100 


€ 100 


*> 


10.1.12.1 







100 
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On R3 








R3#Sh ip bgp 








BGP tabic version is 6, local router ID is 3.3.3.3 

Status codes: s suppressed, d damped, h history. * valid, > best, i - internal, 

rRlB-iailurc, S Stale 
Origin codes: i - 1GP, c - EGP, '.' - incomplete 








Network Next Hop Metric LocPrf Weight Path 
*i 1.0.0.0 10.1.14.1 100 OlOOi 
*>i 10.1.12.1 100 1 (KM 
*>i2.0.0.0 10.1.23.2 100 Oi 
*> 3.0.0.0 0.0.0.0 32768 i 
*>i4. 0.0.0 10.1.34.4 100 Oi 
* ill. 0.0.0 10.1.14.1 100 OlOOi 
*>i 10.1.12.1 100 OlOOi 








On R4 








R4*Sh ip bgp 








BGP tabic version is 6, local router ID is 4.4.4.4 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

r RIB -failure, S Stale 
Origin codes: i - 1GP, c - EGP, 7 - incomplete 








Network Next Hop Metric LocPrf Weight Path 
*i 1.0.0.0 10.1.12.1 100 OlOOi 
*> 10.1.14.1 OlOOi 
*>i2 .0.0.0 10.1.23.2 100 Oi 
*>i3 .0.0.0 10.1.34.3 100 Oi 
*> 4.0.0.0 0.0.0.0 32 "68 : 
*ill.0.0.0 10.1.12.1 100 OlOOi 
*> 10.1.14.1 OlOOi 








Note Routers R2 and R3 are taking the R2-R1 link to connect to netuoi 


k 1.0.0.0 8. 






On R4 








R4lconfig)#acccss-list 1 permit 1 .0.0.0 0.255.255 ?55 








R4 (c o n fig )£ route- map TST permit 10 
R4 (c o n fig-ro utc- map )# match ip addr 1 
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R4 (c o n fig -ro utc- map )# set Local-preference 400 

R4(config)n route- map TST permit 20 

R4 (c o n fig-ro u t c- map ) # ro li t cr bgp 20 
R4(config-router)#ncighbor 10.1.14.1 route- map TST in 

The local preference attribute is used to prefer an exit point from the local AS. 
Unlike the weight attribute, the local preference attribute is propagated throughout 
the local AS. If there are multiple exit points from the local AS, the local preference 
attribute is used to select the exit point for a specific or all routes. Since the local 
preference attribute a fleets the routers within the AS, the route- map should be 
configured in the "in" direction. Remember that with local preference the higher 
value has better preference. 

To verify the configuration: 

On R2 

R2*Sh ip bgp 

BGP tabic version is 9, local router ID is 222.2 

Status codes: s suppressed, d damped, h history. * valid* > best* i - internal;, 

r RIB -iailurc s S Stale 
Origin codes: i - IGP, c - EGP. '.' - incomplete 

Metric LocPrf Weight Path 
(I 4 (HI 100 i 

100 i 



Network 


Next Hop 


*>il.0.0.0 


[0.1.14.1 


* 


10.1. 12.1 


*> 2.0.0.0 


0.0.0.0 


*>i3 .0.0.0 


1 0. 1 .23.3 


*>i4 .0.0.0 


1 0. 1 .34.4 


♦ill. 0.0.0 


10.1.14.1 


*> 


10.1.12.1 


On K3 




R3r*Sh ip bgp 










32768 i 





100 


Oi 





1 00 


Oi 





100 


100 







100 



BGP tabic version is 10, local router ID is 3.3.3.3 

StatLis codes: s suppressed, d damped, h history, * valid, > best, i ■ internal, 

r RIB -failure, S Stale 
Origin codes: i - 1GP, e - EGP, ? - incomplete 
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Network Next Hop Metric LocPrf Weight Path 








*>il. 0.0.0 10.1.14.1 400 OlOOi 








*>i2 .0.0.0 10.1.23.2 100 Oi 








*> 3.0.0.0 0.0.0.0 32768 i 








*>i4 .0.0.0 10.1.34.4 100 Oi 








♦ill. 0.0.0 10.1.14.1 100 100 i 








*>i 10.1.12.1 100 100 i 








On R4 








R4*Sh ip bgp 








BGP table version is 8, local router ID is 4.4.4.4 








Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 








r RIB -failure, S Stale 








Origin codes: i - 1GP, c - EGP, ? - incomplete 








Network Next Hop Metric LocPrf Weight Path 








*> 1.0.0.0 10.1.14.1 400 OlOOi 








*>i2 .0.0.0 10.1.23.2 100 Oi 








*>i3 .0.0.0 10.1.34.3 100 Oi 








*> 4.0.0.0 0.0.0.0 32768 i 








*> 11.0.0.0 10.1.14.1 OlOOi 








*i 10.1.12.1 100 OlOOi 








Note the routers in AS 200 take the R4-R1 link to connect to network 1.0. 0.0' 8. 






Task 3 




Ensure that the routers in AS 200 use R2 to reach network 1 1 .0.0.0 .'8. Local -P re f 




attribute must be used to accomplish this task. 






Before this attribute is confiyui'ed, the existing BGP tahle of the routers in AS 200 








should he examined, as followed: 








On R2 








R2*Sh ip bgp 








BGP table version is 9, local router ID is 2 22.2 








Status codes: s suppressed, d damped, h history. * valid. > best, i - internal, 
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r RIB -failure, S Stale 








Origin codes: i - 1GP. e - EGP. '.' - incomplete 








Network Next Hop Metric LocPrf Weight Path 








*>il. 0.0.0 10. 1.14. 1 400 " 100 i 








* 10.1.12.1 OlOOi 








*> 2.0.0.0 0.0.0.0 32768 i 








*>i3 .0.0.0 10. 1 .23.3 100 Oi 








*>i4 .0.0.0 10.1.34.4 100 Oi 








♦ill. 0.0.0 10.1.14.1 100 I0O i 








*> 10.1.12.1 01 (KM 








On 113 








R3#Sh ip bgp 








BGP tabic version is 10, local router ID is 3.3.3.3 








Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 








rRlB-iailurc, S Stale 








Origin codes: i ■ 1GP, c ■ EGP, ? ■ incomplete 








Network Next Hop Metric LocPrf Weight Path 








*>il .0.0.0 10.1.14.1 400 " 100 i 








*>i2. 0.0.0 10.1.23.2 100 Oi 








*> 3.0.0.0 0.0.0.0 32768 i 








*>i4 .0.0.0 10.1.34.4 100 Oi 








* ill. 0.0.0 10.1.14.1 1.00 100 i 








*>i 10.1.12.1 100 D 100 i 








On R4 








R4*Sh ip bgp 








BGP tabic version is 8, local router ID is 4.4.4.4 








Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 








rRlB-iailurc, S Stale 








Origin codes: i - 1GP, c - EGP, ? - incomplete 








Network Next Hop Metric LocPrf Weight Path 








*> 1.0.0.0 10.1.14.1 400 100 i 








*>i2 .0.0.0 10.1.23.2 100 Oi 








*>i3 .0.0.0 10.1.34.3 100 Oi 








*> 4.0.0.0 0.0.0.0 32768 i 








*> 11.0.0.0 10.1.14.1 1 (KM 
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*i 10.1.12.1 100 i) 10 ; 

Note muter R4 is taking the R4-R1 link to connect to network 11.(1.0.(1. 

On R2 

R2(config)#acccss-list 11 permit 1 1. 0.0.0 0.255.255.255 

R2(config)#routc-map TST permit 10 

R2(config-roLitomap)nmatch ip addr 1 1 

R2(c onfig-rou tc-map )#sct Local-p reference 400 

R2 (con figure utc- map TST permit 20 

RZiconfig-routc-map .^router bgp 200 
R2(config-router)f# ; ncighbor 10.1.12.1 route- map TST in 

To verify the configuration: 



On R2 

R2*Sh ip bgp 

BGP tabic version is 6, local muter ID is 2 22.2 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

r Rl B - tail Lire, S Stale 
Origin codes: i - 1GP, e - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 



* 1.0.0.0 

*>i 

*> 2.0.0.0 

*>B .0.0.0 

*>i4 .0.0.0 

*> 11.0.0.0 


10.1.12.1 
10.1.14.1 
0.0.0.0 
10.1.23.3 
10.1.34.4 
10. 1.12.1 











400 

100 
100 
400 


100 : 
1 00 i 
32768 i 

Oi 

Oi 

lOOi 


On R3 










R3*Sh ip bgp 











BGP tabic version is 14, local router ID is 3.3.3.3 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

r RIB -tail urc, S Stale 
Origin codes: i • 1GP, c ■ EGP, '- 1 ■ incomplete 
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Network Next Hop Metric LocPrf Weight Path 
*>il. 0.0.0 10.1.14. 1 400 100 i 
*>i2 .0.0.0 10.1.23.2 100 Oi 
*> 3.0.0.0 0.0.0.0 32768 i 
*>i4 .0.0.0 10.1.34.4 100 Oi 
*>i 11.0.0.0 10.1.12.1 400 100 i 








On R4 








R4#Sh ap bfzp 








BGP table version is 1 1 , local router ID is 4.4.4.4 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

rPvlB-iailurc, S Stale 
Origin codes: i - 1GP. c - EGP. 7 - incomplete 








Network Next Hop Metric LocPrf Weight Path 
*> 1.0.0.0 10.1.14.1 400 100 i 
*>i2 .0.0.0 10.1.23.2 100 Oi 
*>i3 .0.0.0 10.1.34.3 100 Oi 
*> 4.0.0.0 0.0.0.0 32768 i 
*>i 11.0.0.0 10.1.111 400 100 i 
* 10.1.14.1 OlOOi 








Note the routers in AS 200 connect to network 1 1.0.0.0 '8 by going through R2-R1 
link. 






Task 4 




Erase the startup con tig and reload the routers he tore proceeding to the next lab. 
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Lab 12 - BGP Local-Preference - II 



s 



/ 



/ 



AS 100 

10.1.1.0/24 




AS 100 



■s 



=0/01.1 



10.1.1.0/24 



\ 



\ 



\ 




\ 



AS 200 



/ 



N 



\ 



/ 



/ 



---. 
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Lab Setup: 

> Configure F ().'() interface of R I . R2, R3 and R4 should be configured in VLAN 
100. 

> Configure the frame-relay connections in a pa int-ta-point manner. 
** L'sc the IP addressing chart below ibr IP address assignment. 



IP aLlilfL'ssin": 



Router 


I nt erfa c e / IP ad d ress 


VI A\ 


Rl 


F0.0 = 10. I.I.I 24 


100 


R2 


FWl)= I 0.1. 1.2/24 
SO/0.25 =10.1.25.2 24 


100 


R3 


SO 0.35= 10J.153/24 
F0 = 10. 1.1.3 .'24 


1 00 


R4 


F00 = 10.1.1.4/24 

SO/0.45 =10.1.45.4 /24 


100 


R5 


SO 0.54= 10.1.45.5 24 
SO 0.53= 10.1.35.5/24 
SO; 0.52= 10.1.25.5/24 
Lo0 = 5.5.5.5/8 





Task I 



Configure peering according to the diagram. 



On Rl 

R I (config^ro Liter bgp 1 00 
Rl iconfig-routcr)r*ncighbor 10.1.1.2 remote 100 
Rl (config-routcr)#ncighbor 10.1 . 1.3 remote 1 00 
R 1 icon fig -rou tcr)#ncighbor 10.1.1.4 rcmot c 1 

On R2 

R2iconfig)#routcrbgp 100 
R2i'L'onfig-routcr)f»no au 
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R2 (eon fig- 


routerj-neighbur 


1 0. i 


1.1 remote 100 


RZfconfig- 


router)** neighbor 


10.1 


1.3 remote 100 


R2(config- 


routcr)**ricighbor 


10.1 


1.4 remote 100 


RZfconfig- 


router)?* neighbor 


10.1 


25.5 remote 200 


On R3 








R3(config)**routcrbgp 100 






R3 (eon fig- 


router)?* no ail 






R 3 (con fig- 


routcr)**ncighbor 


10.1 


1. 1 remote 100 


R 3 (con fig- 


router)?? neighbor 


10.1 


1.2 remote 100 


R 3 (con fig- 


router)?* neighbor 


10.1 


1.4 remote 100 


R3 (con fig- 


rou tcr)**ncighbor 


10.1 


35.5 remote 200 


R3 (con fig- 


router)?? neighbor 


10.1 


35.5 remote 200 


On R4 








R4(config)r*ro Liter bgp 100 






R4 (con fig- 


router)?* no an 






R4 (con fig- 


rou tcr ^neighbor 


10.1 


1. 1 remote 100 


R4(config- 


ro u t cr)r*ncighbo r 


10.1 


1.2 remote 100 


R4 (con fig- 


routcr)T*ncighbor 


10.1 


1.3 remote 100 


R4 (con fig- 


rou tcr)T*ncighbor 


10.1 


45.5 remote 200 


On R5 








R5 (c o n fig)**ro u tcr bgp 20 






R .5 (con fig- 


routcr)*rno au 






R 5 (con fig- 


router)?* neighbor 


10.1 


25.2 remote 1 00 


R 5 (con fig- 


routcr)T*ncighbor 


10.1 


35.3 remote 1 00 


R 5 (con fig- 


rout cr)**ncighbo r 


10.1.45.4 remote 100 


R 5 (con fig- 


router)?? network 


5.0.0 





To verily the configure 


tion 


: 


On kl 








Rl#Show 


p bgp b Network 




Network 


Next Hop 




Metric LocPrf Weight Path 


*i5. 0.0.0 


10.1.25.5 




100 200i 


*i 


10.1." *? 




100 200 i 
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Task 2 

Configure the border routers to change the next to an internal IP address. 






On \U. R3 and R4 

R2(config ^router bgp 100 
R2(conf]g-routcr)#rjcighbor 1 .0.1 . 1. 1 next- hop -self 

In verify the eonfiauraition: 

On Rl 

R I "Show in bjjp B Network 

Network Next Hop Metric LocPrf Weight Path 

* i5 .0.0.0 10.1.1.3 100 200 i 
*>i 10.1.12 100 200i 

* i 10.1.1.4 100 200 i 






Task 3 

Configure R2. R3 and R4 such that R 1 takes R4 as the primary and R3 as the backup, if 
R4 and R3 arc both down, then it should take R2 to reach Network 5.0.0.0 8. You must 
use local preference to accomplish this task. 






On R2 

R2(config)#ro utcr bgp 100 

R2(config-routcr)#bgp default local- p reference 200 
R2(config-routcr)#do clc ip bgp * out 

On R3 

R3(config)#routcrbgp 100 

R3(config-routcr)#bgp default local-p reference 300 
R 3 (con fig-router)?* do ex ip bgp * out 

On R4 
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R4(config-router)#bgp default local- p reference 400 
R4(config-routcr)#-do cle ip bgp * out 



To verify the configuration: 



On Rl 

Rl^Show ip bgp b Network 

Network Next Hop Metric LocPrf Weight Path 

*>i5 .0.0.0 10 J. 1.4 400 200 

Rl*Sho\vipbgp 5.0.0.0 

BGP routing table entry lor 5.0.0. 08, version 6 
Paths: (1 available, best #1, table Default-] P-Routing-Tablc) 
Not advertised to any peer 
200 
1 0.1. 1.4 from 10.1.1.4(10.1.45.4) 
Origin 1GP, metric 0, localprcf 400, valid, internal, best 



To test tin- configuration : 



On Rl 

Rl-Traccroutc 5.5.5. 5 

Type escape sequence to abort. 
Tracing the route to 5.5.5.5 

1 10.1 1 .4 msec 4 msec msec 

2 10.1.45.5 32 msec * 28 msec 



Task 4 

Remove the configuration from the previous task and re-configure the same task using 
another method. DC) NOT use neighbor 10.1.25.5, 10.1.35.5 or 10.1.45.5. You should use 
local preference to accomplish this task. 
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On R2 

R2iconfig)#routcrbgp 100 

R2(config-routcr)#M) bgp default local-preference 200 

R2iconfig-routcr)#do clc ip bgp * out 

On K3 

R3 (c o n figJS ro u t cr bgp 100 

R3(config-routcr)#\0 bgp default local-prcfcrcncc 300 

R3(GOnfig-roiiter)#do clc ip bgp * out 

On R4 

R4(config-routcr)#NO bgp default local- preference 400 
R4(eonfig-routcr)# : do clc ip bgp * out 



To verify the configuration: 



On kl 

Rl#Show ip bgp b Network 

Network Next Hop Metric LocPrf Weight Path 

* i5 .0.0.0 10.1.1.3 100 ' 200 
*>i 10.1.1.2 100 200 

* i 10.1.1.4 ION 200 

To configure tliL 1 (ask: 
On K2 

R2(config)#routc-map TST permit 10 
R2(config-routc-map)#sct local-prcfcrcncc 200 
RJZfconfig-routomapjTrroLitc-map TST permit 20 

R2iconfig)#Routcrbgp 100 

R2(con%-routcr)r#neighbor HI. 1.1.1 route-map TST OUT 

R2(config-routcr)#uo clc ip bgp * out 

On R3 

R3(config)#routc-map TST permit 10 

R 3 (con fig -route- map)* set local-prcfcrcncc 300 
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R 3 (con fig-route* map)* route* map TST permit 20 

R3i;config)r*Routcr bgp 100 

R3(config-routcr)r i neighbor 1(1.1.1.1 route-map TST OUT 

R3(eonfig-routcr)#do clc ip bgp * out 

On K4 

R4 (co n fig )# route- map TST permit 10 

R4 (con fig-route- map )#set local- p re fcrcncc 200 

R4(config-routc-map)#routc*map TST permit 20 

R4(config)#Routcr bgp 100 

R4(config-routcr)# neighbor 10.1.1.1 route-map TST OUT 

R4(config-routcr)#do clc ip bgp * out 

To test the e»nli»uriition: 
On Kl 



Rl*Show ip bgp b Network 

Network Next Hop 

* i5 .0.0.0 10.1.1.3 

* i 10.1.1.2 
*>i 10.1.1.4 

R 1 -Trace-route 5.5.5.5 

Type escape sequence to abort. 
Tracing the route to 5.5.5.5 

1 1 0.1 .1 .4 msec 4 msec msec 

2 10.1.45.5 28 msec* 28 msec 



Metric LocPrf Weight Path 
300 ~ 200 i 
200 200 i 

i) 400 2 (KM 



I ask 5 



Erase the startup configuration on all routers before proceeding to the next lab. 
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Lab 13 - The AS-Path Attribute 



AS 100 




Lal> Setup: 

> Configure the routers that arc connected to the frame- re lay clouds in a po int-to- 
point manner. 

> R l and R4's FO/0 interface should be configured in VLAN 14. 

> R2 and R3's FO/0 interface should be configured in VLAN 23. 

> Use the following IP addressing chart for IP address assignment. 
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II J a licit "cssing: 



Router 


Interface 


IP Address 


AS number 


Rl 


LoO 

Lol 

SO/0. 1 2 
FO/0 


1.1.1.1 8 

1 I.I.I. 1 8 
10. 1.1 2.1 .24 
10. 1. 1 4.1 24 


100 


R2 


LoO 
SO/0.21 

mm 


2,2,2,2/8 
10.1.12.2/24 
10.1.23.2 24 


200 


R3 


LoO 
FO/0 
SO 0.34 


1 1 1 I ,'M 

}JJJ .'0 

10.1.23.3 24 

10.1.34.3 24 


200 


R4 


LoO 
FO/0 
SO (1.43 


4.4.4.4 '8 
10.1.14.4 24 
10.1.34.4 24 


200 



Task 1 

Conligure routers R2. R3 and R4 :n AS 200. these routers should have III! mesh peer 
session between them. Routers R2 and router R4 should have EBC3P peer session to Rl in 
AS 100. BGP routers should ONLY advertise their kxjpbaek intcrikec/s in BGP. Provide 
XLR] lor the links using RlPv2, disable automatic summarization. 



On Rl 

R 1 (c o n fig- it> ro ut cr bgp 1 00 
R I (c o n fig-ro u tcr)f#no au 

Rlfeonfig-routcr)f*nc3ghbor 10.1.14.4 remote- as 200 
Rl(config-router)#ncighbor 10.1.12.2 remote- as 200 
R 1 (c o n fig-ro u tcr)#nctw 1 1 . 0. 0. 
Rl ico n fig-ro utcr^nctw 1.0. 0.0 

R 1 ( c o n fig-ro u tcr rip 

R 1 (eon fig-ro utcr)#no au 

Rl (config-routcr)#vcr 2 

Rl (config-routcr^nctwork 10.0.0.0 

On R2 

R2i;eonfig,Wroutcr bgp 200 
R2iconfiy:-routcr)"no au 
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R2(config-routcr)#no syn 










R2(config-roLitcr)#nctw 2.0. 0.0 








R2 (c o n fig-ro u t er)# neighbor 


10.1 


12.1 


remote- as 


100 


R2 (c o n fig-ro u t cr)r*ncighbo r 


10.1 




remote- as 


200 


R2 fc o n fig-ro u tcr)#ncighbo r 


10.1 


34.4 


rcmotc-as 


200 


R2 (con figure utcr rip 










R2 (con fig-ro utcr)#no au 










R2 (c o n fig-ro u tcr)#vcr 2 










R2 (c o n fig-ro u tcr)#nct w 1 . 0, 0. 








On R3 










R3 (c o n fig-ro u t cr bgp 20 










R3(config-roLitcr)^no au 










R 3 (con fig-ro utcr)#no syn 










R 3 (c o n fig-ro u tcr)#nct\v 3 . 0. . 








R3(config-routcr)f* neighbor 


10.1 


34.4 


remote- as 


200 


R 3 (c o n fig-ro u t cr)#ncighbo r 


10.1 


23.2 


rcmotc-as 


200 


R 3 (c o n fig-ro u tcr rip 










R3 (con fig-ro utcr)# no au 










R 3 (c o n fig-ro u tcr)# vcr 2 










R 3 (c o n fig-ro u tcr)#nct\v 1 . 0. 0. 








On R4 










R4(config)#ro utcr bgp 200 










R4 (c o n fig-ro u tcr)#no syn 










R4(config-roLitcr)f#no au 










R4 (c o n fig-ro u tcr)#nctw 4 . 0. . 








R4 (c o n fig-ro u tcr)#ncighbo r 10.1 


34.3 


rcmotc-as 


200 


R4 (c o n fig-ro u t cr) #ncighbo r 


10.1 


23.2 


rcmotc-as 


200 


R4(config-routcr)f# neighbor 


10.1 


14.1 


rcmotc-as 


100 


R4(config)#ro Liter rip 










R4 (con fig-ro utcr)#no au 










R4 (c o n fig-ro u t ftr)# vftr 2 










R4(c onfig-rou tcr)nnct\v 1 0. D. 0. 
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Task 2 

Configure Rl in AS 100 such that routers in AS 200 use the link through R4-RI to reach 
its network 1 .0.0.0 '8. Use the AS-Path attribute to accomplish this task. 



Before this attribute is configured, the existing BGP table of the routers in AS 200 
should be examined, as followed: 

On R2 

R2*Sh ip bap 

BGP table version is 6, local router ID is 222.2 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

r RIB -ikilurc s S State 
Origin codes: i - 1GP, c - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 

*i 1.0.0.0 1 0.1. 14.1 

*> 10.1.12.1 

*> 2.0.0.0 0.0.0.0 

*>i3 .0.0.0 10.123.3 

*>i4 .0.0.0 10.1.34.4 

♦ill. 0.0.0 10.1.14.1 

*> 10.1.12.1 

On K3 

R3*Sh in bgp 

BGP table version is 6, local router ID is 3.3.3.3 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

r RIB- failures Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 

Metric LocPrf Weight Path 






100 


! 00 : 


1) 




100 i 







32768 i 





100 


Oi 





1 00 


Oi 





100 


1 00 i 







100: 



Network 


Next Hop 


*i 1.0.0.0 


10.1.14.1 


*>i 


10.1.12.1 


*>i2 .0.0.0 


10.1232 


*> 3.0.0.0 


0.0.0.0 


*>i4 .0.0.0 


10.1.34.4 


♦ill. 0.0.0 


10.1.14.1 


*>i 


10.1.12.1 






1 00 


100 


Li 


100 


100 





100 


Oi 







32768 i 





100 


Oi 





100 


100 





100 


100 
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On K4 

R4nSh ip bgp 

BGP tabic version is 6, local router ID is 4.4.4.4 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

r RJ B - tail uirc, S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 

Network Next Hop Metric LocPrf* Weight Path 



*> 1.(1.(1.0 


1(1.1.14.1 







(1 1(10 i 


*i 


10.1.12.1 





100 


100 i 


*>i2 .0.0.0 


10.1.23.2 





100 


0: 


*>i3 .0.0.0 


1 0. 1 .34.3 





100 


0i 


*> 4.0.0.0 


0.0.0.0 





3 


2768 i 


*> 1 1.0.0.0 


10.1.14.1 







1 00 i 


*i 


10.1.12.1 





1 00 


100 : 



To L'onfinunj \l\ so Ihu rouli'rs in AS 200 lukii lliu R4-R1 link to roach nutuork 
1.0.0. (1/8: 

On kl 

Rl(config)#actess-list 1 permit 1.(1.0.00.255.255.255 

R I (con fig)?* route- map TST1 permit 10 
R 1 (c o n fig-r o u t c- map )#matc h ip ad d r 1 
Rli;config-route-map)#sctas-pathprcpcnd 100 100 100 100 

R I (oomfigJS route- map TST1 permit 20 

R 1 (c o n fig -r o u t c- map ) £ ro u t er bg p 1 

R 1 1 c o n fig -r o u t cr)#neighbo r 10.1.12.2 ro u t c- map TST1 o ut 

'I'u verify the configuration: 

On K2 

R2*Sh ip bap 

BGP tabic version is 7, local router ID is 222.2 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
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rRlB-lailurc, S Stale 








Origin codes: i - 1GP, c - EGP, '.' - incomplete 








Network Next Hop Metric LocPrf Weight Path 








*>i i.o.o.o i a. 1.14.1 o ioo " a iooi 








* 10.1.12.1 100 100 100 100 100 i 








*> 2.0.0.0 0.0.0.0 32768 i 








*>i3 .0.0.0 10. 1.23.3 100 Oi 








*>i4 .0.0.0 10.1.34.4 100 Oi 








* ill. 0.0.0 10.1.14.1 100 i) 100 i 








*> 10.1.12.1 OlOOi 








On R3 








R3*Sh ip bgp 








BGP table version is 7, local router ID is 3.3.3.3 








Status codes: s suppressed;, d damped, h history, * valid, > best, i - internal, 








rPJB -lailurc,S Stale 








Origin codes: i - 1GP, c - EGP, '.' - incomplete 








X ct w or k Ncx t Ho p Metric Loc P r f Weight P at h 








*>il. 0.0.0 10.1.14.1 100 " 100 i 








*>i2 .0.0.0 10.1.23.2 100 Oi 








*> 3.0.0.0 0.0.0.0 32768 i 








*>i4.0.0.0 10.1.34.4 100 Oi 








* ill. 0.0.0 10.1.14.1 100 100 i 








*>i 10.1.12.1 100 OlOOi 








On R4 








R4#Sh ip bgp 








BGP table version is 6, local router ID is 4.4.4.4 








Status codes: 8 suppressed, d damped, h history, * valid, > best, i - internal, 








rRlB-lailurc, S Stale 








Origin codes: i - 1GP, c - EGP, ? - incomplete 








Network Next Hop Metric LocPrf Weight Path 








*> 1.0.0.0 10.1.14.1 OlOOi 








*>i2 .0.0.0 I (XI, 31 2 100 Oi 








*>i3 .0.0.0 10.1.34.3 100 Oi 








*> 4.0.0.0 0.0.0.0 32 "68: 








*> 11.0.0.0 10.1.14.1 OlOOi 
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* ; 



i 10.1.12.1 100 100 i 

Note the AS- path attribute is used to influence the degree of preference in another 
AS. R2. R3 and R4 will t!0 through R4 to reach network 1.0.0.0 /8. 



Task 3 

Configure Rl in AS 100 such that the routers in AS 200 use the link through R2-R1 to 
reach network 1 1 .0.0.0 /8. L'sc the AS-Path attribute to accomplish this task. 



Before this attribute is configured, the existing BGP table of the routers in AS 200 
should be examined, as followed: 

On R2 

R2?*Sh ip bgp 

BGP tabic version is 7, local router ID is 222.2 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

r RIB -failurc,S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 

N ct w o r k Ncx t Ho p M ctric Loc P rf Weigh t P at h 



*>il. 0.0.0 


10.1.14.1 





100 


100 i 


* 


10.1.12.1 







100 100 100 100 100 


*> 2.0.0.0 


0.0.0.0 







32768 i 


*>i3 .0.0.0 


1 0. 1 .23.3 


(] 


100 


Oi 


*>i4.0.0.0 


1 0. 1 .34.4 





100 


Oi 


♦ill. 0.0.0 


10.1.14.1 





100 


100 i 


*> 


10.1.12,1 


I) 




100 i 


On R3 










R3#Sh ip bgp 











BGP tabic version is 7, local router ID is 3.3.3.3 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

r RIB -failures Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 

Network Next Hop Metric LocPri' Weight Path 
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*>i 1.0.0.0 


10.1.14.1 





100 


100: 


*>i2 .0.0.0 


10.1.23.2 





100 


Oi 


*> 3.0.0.0 


0.0.0.0 





3 


2768 i 


*>i4 .0.0.0 


1 0. 1 .34.4 





100 


Oi 


* ill. 0.0.0 


10. 1.14.1 





100 


100 i 


*>i 


10.1.12.1 





100 


100 i 


On R4 










R4#Sh ip bjzp 











BGP tabic version is 6, local router ID is 4.4.4.4 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
r RIB -failure, S Stale 



Origin codes: 


i-IGP, c-EGP 


, ? - incomplete 


Network 


Next Hop 


Metric 


LocPrf Weight Path 


*> 1.0.0.0 


10.1.14.1 





100 i 


*>i2 .0.0.0 


1 0. 1 .23.2 





100 Oi 


*>i3 .0.0.0 


10.1.34.3 





100 : 


*> 4.0.0.0 


0.0.0.0 





32768 i 


*> 11.0.0.0 


10.1.14.1 





100 i 


*i 


10.1.12.1 





100 100 i 



To configure rhe jttrjbutg on Kl: 

On kl 

Rlfconfig^acccss-list 11 permit 11.0.0.0 0.255.255.255 

RI(config)#routc-map TST11 permit 10 

Rl (c o n fig -ro utc- map )# match ip addr 11 

R 1 (con fig-route* map )**iA as- path prep end 100 100 100 100 

Rlfconfig^ro utc- map TST11 permit 20 

R 1 (c o n fig-ro u t c- map )# ro u t cr bgp 1 00 

Rife on fig -router) "neighbor 10.1.14.4 route- map TST11 out 



To verify the configuration: 



On K4 
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R4"Sho\v ip bgp 

BGP tabic version is 28, local router ID is 2.22.2 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

rRlB-iailurc, S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 

Metric LocPrf Weight Path 



Network 


Next Hop 


*> 1.0.0.0 


10. 1.14. 1 


*>i2 .0.0.0 


1 0. 1 .23.2 


*>i3 .0.0.0 


10.1.34.3 


*> 4.0.0.0 


0.0.0.0 


* 11.0.0.0 


10.1.14.1 


*>i 


10.1.12.1 






o ion ^ 





100 i 





100 Oi 





32768 i 


1) 


o i»o 100 100 100 100 



(I 1 00 10(1 i 

On K3 

R3»Sh ip bgp 

BGP tabic version is 13, local router ID is 3.3.3.3 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

r R] B - tail urc, S Stale 
Origin codes: i - 1GP, c - EGP, ?— incomplete 

Metric LocPrf Weight Path 



Network 


Next Hop 


*>il. 0.0.0 


10. 1.14. 1 


*>i2 .0.0.0 


1 0. 1 .23.2 


*> 3.0.0.0 


0.0.0.0 


*>i4.0.0.0 


1 ft 1 .34.4 


*>i 11.0.0.0 


10.1.12.1 


On R2 




R2*Sh ip bgp 








100 100 





100 i 





32768 i 





100 i 





100 100 



BGP tabic version is 13, local router ID is 2.22.2 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

r RIB - failure, S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 

*>il .0.0.0 10.1.14.1 100 " 100 i 

* 10.1.12.1 100 100 100 100 100 

*> 2.0.0.0 0.0.0.0 327681 
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*>i3. 0.0.0 


10.1.23.3 





100 


Oi 


*>i4 .0.0.0 


1 0. 1 .34.4 





100 


LI I 


*> 1 1.0.0.0 


10.1.12.1 







100 i 



Note all the routers will take the R2-R1 link to connect to network 1 1.0.0.0 8. 



Task 4 

Erase the startup configuration and reload the routers before proceeding to the next lab. 
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Lab 14 - The Weight Attribute 



AS 100 



AS 200 



\ 



s 



s 



/ 

\ 
\ 




10. 1.1 4.0/24 



10/L23jO/24 



FO/0 




FO.'O 



\ 



N 



-■•• 



V AS 400 



AS 300 



s 



Lab Setup: 

> Configure the routers that arc connected to the frame-relay clouds in a point-to- 
point manner. 

> R i and R4's FO/0 interface should be configured in VLAN 14. 

> R2 and R3's F0 /0 interface should be configured in VLAN 23. 

> Use the following IP addressing chart for IP address assignment. 
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II* addt Lssinjj; 



Router 


Interface 


IP Address 


AS number 


Rl 


LoO 


1.1.1.1 8 


100 




Lol 


1 I.I.I. 1 8 






SO/0. 12 


10.1.12.1 ;24 






FO/0 


10.1.14.1 24 




R2 


LoO 


mi ,'S 


200 




Lol 


2 2. 2. 2. 2, '8 






SO/0.21 


10.1.12.2/24 






FO/O 


10.1.23.2/24 




R3 


LoO 


T "1 T T C 1 


300 




Lol 


^^■.j'.j'. ^ S 






FO/0 


10.1.23.3/24 






SO/0.34 


10.1.34.3 24 




R4 


LoO 


4.4.4.4 '8 


400 




KO/0 


10.1.14.4,24 






SO/0.43 


10.134.4 '24 





Task I 

Configure router Rl in AS 1 00 to establish EBGP peer sessions with R2 in AS 200 and 
R4 in AS 400. 

Router R2 should establish EBGP peer sessions with Rl in AS 100 and R3 in AS 300. 
Router R3 sho uld establish EBGP peer sessions with R2 in AS 200 and R4 in AS 400. 
Router R4 should establish EBGP peer sessions with Rl in AS 100 and R3 in AS 300. 
The BGP routers should ONLY advertise their bopback's in BGP. Provide NLR] lor the 
Sinks using RIPv2. 



On kl 



100 



Rl (con fig- if)#ro utcr bgp 
Rl iconfig-routcr)#no au 

Rl(config-routcr)Trncighbor 10.1.14.4 rcmotc-as 400 
Rl icon fig -routcr)#ncighbor 10.1.12.2 rcmotc-as 200 
Rl(eonfig-routcr)#nctw 1 1.0.0.0 
Rl (config-routcr^nctw 1 .0.0.0 

R I [c o n fig)rr ro utcr rip 

Rl iconfig-routcr^no au 

R 1 (config-routcr)r*vcr 2 

R 1 (c onfig-rou tcr)f*nct\vork 1 0. 0. 0. 
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On R2 

R2 (con figure utcr bgp 200 

R2(config-routcr)r*no au 

R2 (co n fig-ro u tcr)#nctw 2 . 0. . 

R2 ( C o n fig-ro li tcr)#nctw 22 .0.0.0 

R2(config-routcr)#ncighbor 10.1.12.1 rcmotc-as 100 

R2(config-roLitcr)#ncighbor 10.1.23.3 rcmotc-as 300 

R2(c:onfig)#rauter rip 
R2(config-roLitcr)#no au 
R2(c o n fig-ro u t cr)# vcr 2 
R2(config-routcr)#nctw 10.0.0.0 

On K3 

R 3 ( c o n fig-ro u tcr bgp 30 
R 3 (con fig-ro Liter )frno au 
R3(config-routcr)#nctw 3.0.0.0 
R3 (co n fig-ro li tcr )#nctw 3 3 . 0. 0. 
R3(config-roLitcr)#ncighbor 10.1.34.4 rcmotc-as 400 
R3(config-routcr)Ti ! ncighbor 10.1.23.2 rcmotc-as 200 

R3(config)#routcr rip 

R3(config-roLitcr)#no au 

R 3 (c o n fig-ro u t cr ) # vcr 2 

R 3 (co n fig-ro u tcr)#nctw 10.0. 0.0 

On R4 

R4(config)#raiitcr bgp 400 

R4 (c o n fig-ro li t cr)#no syn 

R4 (c o n fig -ro u t cr )#nctw 4 . 0. .0 

R4(config-roLitcr)#ncighbor 10.1.34.3 rcmotc-as 300 

R4(config-roLitcr)#ricighbor 10.1.14.1 rcmotc-as 100 

R4(config)#routcr rip 
R4(config-routcr)#no au 
R4(c;onfig-routcr)r*\cr 2 
R4(config-raLitcr)#nctw 1 0.0.0.0 

To verity the configuration: 
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On R4 






R4#Sh ip bgp 










BGP table version is 8, local router ID is 4.4.4.4 










Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 










r RIB -fai lure, S Stale 










Origin codes: i - 1GP, c - EGP, ? - incomplete 










Network Next Hop Metric Lot Prf Weight Path 










*> 1.0.0.0 10.1.14. 1 Q 100 i 










* 10.1.34.3 300 200 100i 










*> 2.0.0.0 10.1.14.1 0100 200 i 










* 10.1.34.3 300 200 i 










* 3.0.0.0 1 0.1. 14.1 100 200 300 i 










*> 10.1.34.3 300i 










*> 4.0.0.0 0.0.0.0 32768 i 










*> 11.0.0.0 10.1.14.1 100 i 










* 1 0.1.34.3 300 200 100 i 










*> 22.0.0.0 10.1.14.1 0100 200 i 










* 10.1.34.3 300 200 i 










* 33.0.0.0 10.1.14.1 100200300 i 










*> 10.1.34.3 300i 








Task 2 








Configure Rl in AS 100 to use AS 200 to reach all the prefixes within this topology; you 








must use The Weight attribute to accomplish this task. 










The BGP table of Rl should be examined before the weight attribute is manipulated 










RI«Shipbgp 










BGP table version is 8, local router ID is 1 1. 1,1.1 










Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 










r RlB-failurc, S Stale 










Origin codes: i - IGP, c - EGP, ? - incomplete 










Network Next Hop Metric LocPrf Weight Path 










*> 1.0.0.0 0.0.0.0 32768 i 










*> 2.0.0.0 10.1.12.2 200i 


H8 
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* 3.0.0.0 


10.1.14.4 




400 300 i 


*> 


10.1.12.2 




200 300 i 


* 4.0.0.0 


10.1.12.2 




200 300 400 


*> 


10.1.14.4 





400 i 


*> 1 1 .0.0.0 


0.0.0.0 





32768 i 


*> 22.0.0.0 


10. 1.12.2 





200 i 


* 33.0.0.0 


10.1.14.4 




400 300 i 


*> 


10.1.12.2 




200 300 i 


On Rl 









Rliconfig^mutcrbgp 100 
RUconfig-routcr^neighbor 1(1.1.12.2 weight 40000 

The weight attribute is a Ci sew- defined attribute Unit is local to the router. This 
attribute is NOT advertised to any BGP neighbor. If there is more than one route to 
a given destination, the \\eight attribute can decide which path is better. The higher 
the value the better the preference. 

I o verify the confiuuratiun: 

On Rl 

Rl~Sh ip bgp 

BGP tabic version is 8, local router 1 D is L 1.1.1,1 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

r RIB -failure, S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 

Metric LocPrf Weight Path 
32768 i 

40000 200 i 

400 300 200 i 
40000 200 300 i 
400 300 i 
40000 200 300 400 i 
400 i 

32768 i 

40000 200 i 

400 300 200 i 
40000 200 300 i 
400 300 i 



Network 


Next Hop 


*> 1.0.0.0 


0.0.0.0 


*> 2.0.0.0 


10.1.12.2 


* 


10.1.14.4 


*> 3.0.0.0 


10.1.12.2 


* 


10.1.14.4 


*> 4.0. 0.0 


10.1.12.2 


* 


10.1.14.4 


*> I 1 .0.0.0 


0.0.0.0 


*> 22.0.0.0 


10.1.12.2 


* 


10. 1. 14.4 


*> 33.0.0.0 


10.1.12.2 


* 


10.1.14.4 
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Task 3 

The policy of AS 100 is changed to the following: 

> R 1 in AS 100 should use R4 in AS 400 to reach networks 33.0.0.0 /S and network 
4,0.0.0 /8. 

'* Network 3.0.0.0 .'8 and existing and future prefixes from AS 200 should have a 
weight attribute of 54000 through R2. 



The BGP table of Rl should he examined before implementing the weight attribute. 

On Rl 

Rli;config)#acccss.list 1 permit 33.0.0.0 0.255.255255 
Rl (con fig ^access- list 1 permit 4.0.0.0 0.255.255255 

The above access-list identifies networks 33.0.0.0 /8 and 4.0.(1.0 /8 

Rl(config)#acccss-list 2 permit 3.0.0.0 0.255.255255 

The above access-list identifies networks 3.0.0.0 .'8 

Rl (config)#ip as- path access- list 1 permit A 200S 

The above as-path access-list identities existing and future prefixes in AS 200 

Ri(©Qiifig)#ra utc* map TST permit 10 
Rl(config-routc-map)r*match ip addr I 
R I (config-routc-map )#sct weight 45000 
Rl(config)nroutc-map TST permit 20 

The above route-map (TST) assigns a weight attribute of 45000 to the networks identified 
in the as-path access-list 1. 

Rl (config-routc-map)r*routc-map TEST per 10 
Rl(conf]g-routc-map)r*match as-path 1 
Rl (config-ro Lite* map )#sct weight 54000 
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Rl (con fig-rout c- map) ~ route- map TEST per 20 

R 1 (con fig -route- map )# match ip addr 2 
Rl (con fig-route- map )#sct weight 54000 

Rl (config-routc-map)r*routc-map TEST per 30 

The above route-map (TEST) assigns a weight attribute of 54000 to network 3. 0.0.(1 and 
existing and future netxvorks advertised in AS 2 (HI. 

R I (con fig-ro u t c- map )# ro u t cr hgp 1 00 

Rl (config-routcr)#ncighbor 10.1.14.4 route-map TST in 

Rl(config-routcr)#ncighbor 10.1.12.2 route-map TEST in 

The above commands assign the attributes to neighbors R2 and R4. 

To verify the confix uration: 

On Rl 

RISShipbap 

BGP table version is 8. local router ID is I I . I . I . I 

Status codes: s suppressed, d damped, h history. * valid, > best, i - internal, 

rRlB-ikilurc, S Stale 
Origin codes: i - IGP, c - EGP, ? - incomplete Note networks from AS 200 - 

Network 3.0.0.0 8 all have 
Metric LocPrf Weight Path rf7 a weight attribute of 
32768 i S 54000 

54000 


54000 n 

400/300 
400(H) 200 300 4 
45000 

32768 

(I 54000 200 i 

400 300 200 
40000 200 300 i 
45000 400 300 i 



Note network 4.0.0.0 from AS 400 and network 33.0.0.0 '8 have a weight attribute of 
45000. 



Network 


Next Hop 


*> 1.0.0.0 


0.0.0.0 


*> 2.0.0.0 


10.1.12.2 


* 


10.1.14.4 


*> 3.0. 0.0 


10.1.12.2 


* 


10.1.14.4 


* 4.0.0.0 


10.1.12.2 


*> 


10.1.14.4 


*> 1 1 .0.0.0 


0.0.0.0 


*> 22.0.0.0 


10.1.12.2 


* 


10.1.14.4 


* 33.0.0.0 


10.1.12.2 


*> 


10.1.14.4 
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Task 4 

Erase the startup config and reload the routers before proceeding to the next lab. 
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Lab 15 
Ylulti Exit Discriminator Attribute 



/• 



•■-. 




LoO 



LoO-1 



LgG-1 



rc/o 



1fl. 1.2 3.0/2 4 



"S 



\ 




Lab Setup: 

> Configure the routers that arc connected to the frame-relay clouds in a point-to- 
point manner. 

> R! and R4 s s FO interface should be configured in VLAX 14. 

> R2 and R3's FO/0 interface should be configured in VLAX 23. 

> Use the to Ho wing ] P addressing C hart for IP address assignment. 
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Ip itikiri'ssing: 



Router 


Interface 


IP Addies* 


AS nuniher 


Rl 


LoO 
Lol 

SOU 12 
FO 


1.1.1.1 8 

1 1 . 1 . 1 . ! ;8 
10.1.12.1 ;24 
10.1.14.1 24 


1 00 


R2 


LoO 
Lol 
SI) 1). 21 

roci 


2.2.2.2 m 

1 0.1. 12.2/24 
10.1.23.2 24 


200 


R3 


LoO 
Lol 
KO'O 
SO/0.34 


3.3.3.3 /8 
33.33.3 /8 

10.1.233/24 
10.1.34.3 '24 


200 


R4 


LoO 

KO'O 
SO '0.43 


4.4.4.4 '8 
10.1.14.4 '24 
10.1.34.4 '24 


200 



I ask I 

Configure routers R2. R3 and R4 in AS 200. these routers should have full mesh peer 
session between them. Routers R2 and router R4 should have EBGP peer session to Rl in 
AS 100. BGP routers should ONLY advertise their loopback interface's in BGP. Provide 
XLR1 for the links using RlPv2, disable auto matic summarization. 



On Rl 

R 1 (co n fig- if)#H3 Liter bgp 1 00 
Rl(eonfig-routcr)#no m 
Rl (config-routcr)#ncighbor 10.' 
R I (config-roLitcr)#ncighbor 1 0. ! 
Rl(config-routcr)#nct\v 1 1.0.0.0 
R 1 (eon fig-ro u tcr )#nct\v 1 . 0. . 

Rl (config)#routcr rip 

R! (eonfig-roLitcr)f^no au 

Rl (eonf]t2-routcr)#vcr 2 

R I (config-roLitcr)#nctwork 1 0. 0.0.0 



On R2 



14.4 rcmotc-as 200 
12.2 rcmotc-as 200 
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R2 (co n fig-ro u t cr bgp 20 












R2(config-roLitcr)#rio au 












R2(config-roLitcr)#no syn 












R2(config-routcr)#nctw 2.0.0.0 










R2(config-roLiter)#nctw 22 J 


). 0. 










R2 ( c a n fig-ro li tcr)#ncig hb o r 


10.1 


12.1 


remote- 


as 


100 


R2(config-roLitcr)# neighbor 


10.1 




remote- 


as 


200 


R2(config-roLitcr)# neighbor 


10.1 


34.4 


remote- as 


200 


R2 (con fig )#ro Liter rip 












R2(config-roLitcr)#no au 












R2(ocmflg-router)#ver 2 












R2(config-roLitcr)#nctw 1 0.0.0.0 










On K3 












R3(config)#roLitcr bgp 200 












R3(config-roLitcr)#no au 












R 3 (con fig-ro Litcr)#no syn 












R3(config-rauter)#netw 3.0. 0.0 










R3(config-roLitcr)#nct\v 33 J 


]. 0. 










R 3 (e o n fig-ro u tcr)#ncig hb o r 


10.1 


34.4 


remote- 


as 


200 


R 3 (c o n fig-ro li tcr)#ncig hb o r 


10.1 


23.2 


remote- 


as 


200 


R3(configJ#rcmter rip 












R 3 (con fig-ro Litcr)#no au 












R 3 (con fig-ro Litcr)#ver 2 












R3 (co n fig-ro li tcr)# nctw 1 . 0. 0. 










On R4 












R4 (configure Liter bgp 200 












R4 (con fig-ro Litcr)#no syn 












R4(config-roLitcr)r*no an 












R4 (con fig-ro u ter)#nctw 4 . 0. . 










R4 (c o n fig-ro li t cr )# nci g hb o r 


10.1 


34.3 


remote- 


as 


200 


R4(config-roLitcr)#ncighbor 


10.1 




remote- 


as 


200 


R4(config-roLitcr)#ncighbor 


10.1 


14.1 


remote- 


as 


100 


R4 (con fig )#ro Liter rip 












R4(config-routcr)n i no au 












R4 (con fig -r o li t cr )# vcr 2 












R4 (co n fig-ro uter)#netw 1 . 0. 0. 
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To verify the cunfiuuratiun: 






On Rl 










RIfrShipbgp 










BGP tabic version is 8, local router ID is 11.1.1.1 










Status codes: s suppressed;, d damped, h history, * valid, > best, i - internal, 










r RIB -iai lure, S Stale 










Origin codes: i ■ IGP, c ■ EGP, ? ■ incomplete 










Network Ncx t H o p Metric L ocP rf Weigh t . P atb 










*> 1.0.0.0 0.0.0.0 32768 i 










* 2.0.0.0 10.1.14.4 200i 










*> 10.1.12.2 200i 










* 3.0.0.0 10.1.14.4 200i 










*> 10.1.12.2 200i 










*> 4.0.0.0 10. 1 .14.4 200i 










*> 11.0.0.0 0.0.0.0 32768 i 










* 22.0.0.0 10.1.14.4 200i 










*> 10.1.12.2 200i 










* 33.0.0.0 10.1.14.4 200i 










*> 10. 1.12.2 200i 










On R2 










R2~Sh ip bgp 










BGP table version is 8, local router ID is ? ?.?.?.2 










Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 










r RIB -iai lure, S Stale 










Origin codes: i - IGP, c - EGP, ? - incomplete 










Network Next Hop Metric LocPri' Weight Path 










*i 1.0.0.0 10.1.14.1 100 OlOOi 










*> 10.1.12.1 OlOOi 










*> 2.0.0.0 0.0.0.0 32768 i 










*>i3. 0.0.0 10.1.23.3 100 Oi 










*>i4 .0.0.0 10.1.34.4 100 Oi 










♦ill. 0.0.0 10.1.14.1 100 OlOOi 










*> 10. 1.12.1 OlOOi 










*> 22.0.0.0 0.0.0.0 32768 i 










*>i33. 0.0.0 10.1.23.3 100 G : 
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To verify the cunfiuuratiun: 






On Rl 










RIfrShipbgp 










BGP tabic version is 8, local router ID is 11.1.1.1 










Status codes: s suppressed;, d damped, h history, * valid, > best, i - internal, 










r RIB -iai lure, S Stale 










Origin codes: i ■ IGP, c ■ EGP, ? ■ incomplete 










Network Ncx t H o p Metric L ocP rf Weigh t . P atb 










*> 1.0.0.0 0.0.0.0 32768 i 










* 2.0.0.0 10.1.14.4 200i 










*> 10.1.12.2 200i 










* 3.0.0.0 10.1.14.4 200i 










*> 10.1.12.2 200i 










*> 4.0.0.0 10. 1 .14.4 200i 










*> 11.0.0.0 0.0.0.0 32768 i 










* 22.0.0.0 10.1.14.4 200i 










*> 10.1.12.2 200i 










* 33.0.0.0 10.1.14.4 200i 










*> 10. 1.12.2 200i 










On R2 










R2~Sh ip bgp 










BGP table version is 8, local router ID is ? ?.?.?.2 










Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 










r RIB -iai lure, S Stale 










Origin codes: i - IGP, c - EGP, ? - incomplete 










Network Next Hop Metric LocPri' Weight Path 










*i 1.0.0.0 10.1.14.1 100 OlOOi 










*> 10.1.12.1 OlOOi 










*> 2.0.0.0 0.0.0.0 32768 i 










*>i3. 0.0.0 10.1.23.3 100 Oi 










*>i4 .0.0.0 10.1.34.4 100 Oi 










♦ill. 0.0.0 10.1.14.1 100 OlOOi 










*> 10. 1.12.1 OlOOi 










*> 22.0.0.0 0.0.0.0 32768 i 










*>i33. 0.0.0 10.1.23.3 100 G : 
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On R3 






R3#Sh ip bgp 










BGP table version is 10, local router ID is 33.3.3.3 










Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 










rR]B-iailurc,S Stale 










Origin codes: i - 1GP, e - EGP, ? - incomplete 










Network Next Hop Metric LocPrf Weight Path 










*>il. 0.0.0 10.1.14.1 100 ' 100 i 










*i 10.1.12.1 100 100 i 










*>i2 .0.0.0 10. 1.23.2 100 Oi 










*> 3.0.0.0 0.0.0.0 3 2 ~6* : 










*>i4 .0.0.0 10.1.34.4 100 Oi 










*>il 1.0.0.0 10.1.14.1 100 100 i 










*i 10.1.12.1 100 100 i 










*>i22.0.0.0 10.1.23.2 100 Oi 










*> 33.0.0.0 0.0.0.0 32768 i 










On R4 










R4r^Sh ip b^p 










BCJP tabic version is 8, local router ID is 4.4.4.4 










Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 










r Rl B -fail Lire, S Stale 










Origin codes: i - 1GP, c - EGP, ? - incomplete 










Network Next Hop Metric LocPrf Weight Path 










*i 1.0.0.0 10.1.12.1 100 OlOOi 










*> 10. 1.14.1 1 00 i 










*>i2.0.0.0 10.1.23.2 100 Oi 










*>i3. 0.0.0 10.1.34.3 100 Oi 










*> 4.0.0.0 0.0.0.0 32768 i 










♦ill. 0.0.0 10.1.12.1 100 OlOOi 










*> 10.1.14.1 OlOOi 










*>i22.0.0.0 10.1.23.2 100 Oi 










*>i33. 0.0.0 10.1.34.3 100 Oi 
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Task 2 

Configure AS 200 such that router Rl in AS 100 takes R4 to reach any prefix advertised 
in AS 200. Manipulate MED to accomplish this task. 



The following output shows the existing BGP table of Rl before manipulating the 
MED attribute: 

On Rl 



RlsShipbgp 

BGP tabic version is 8, local router 1 D is 1 1 . 1 . 1 . 1 

Status codes: s suppressed, d damped, h history. * valid, > best, i - internal, 

rRlB-failurc. S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 



*> 1.0.0.0 


0.0.0.0 





32 


"68 : 


* 2.0.0.0 


10.1.14.4 






200 


*> 


10. 1.12-2 







200 


* 3.0.0.0 


10.1.14.4 






200 


*> 


10.1.122 






200 


*> 4.0.0.0 


10.1.14.4 







200 


•> 1 1 .0.0.0 


0.0.0.0 





32768 i 


* 22.0.0.0 


10.1.14.4 






200 


*> 


10.1.122 







200 


* 33.0.0.0 


10.1.14.4 






200 


*> 


10.1.122 






200 



Note the output of the "Show ip bgp"" command on Rl slums that some of the 
networks are reachable through R2 and some through R4 

On R2 

R2(config)#routomap TST permit 10 
R2iconf]g-routc-map)r*sct metric 100 

R2(config)#rauterbgp 200 

R2ieonfig-routcr)#ncighbor 10.1.12.1 route-map TST out 

MED is used as a suggestion to an external AS regarding the preferred route into 
the AS that is advertising the metric. The reason suggestion is used here is because 
the AS that is receiving MED attribute could use another attribute 
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such as Weight that will override the MED attribute. As Jar as MED is concerned. 








the lower value has the better preference. 










To verify the configuration: 










On m 










RI*Shipbgp 










BGP tabic version is 12, local router ID is 1 1 . 1 . 1 . 1 










Status codes: s suppressed, d damped, h history. * valid, > best, i - internal, 










r RIB -failurc,S Stale 










Origin codes: i - IGP, c - EGP, 7 - incomplete 










Network Next Hop Metric LocPrf Weight Path 










*> 1.0.0.0 0.0.0.0 32768 i 










*> 2.0.0.0 10.1.14.4 200i 










* 10.1.12.2 100 200i 










*> 3.0.0.0 10.1.14.4 20(1 i 










* 10.1.12.2 100 200i 










* 4.0.0.0 10.1.12.2 100 200i 










*> 10.1.14.4 200 i 










*> 1 1.0.0.0 0.0.0.0 32768 i 










*> 22.0.0.0 10.1.14.4 200 i 










* 10! . 12.2 100 200i 










*> 33.0.0.0 10.1.14.4 200 i 










* 10.1.12.2 100 200i 










Note Rl is taking R4 to reach all the networks in this topology 








Task 3 






Remove the configuration command from the previous task before proceeding to the next 






task. 








On R2 










R2(config)#NO route-map 1ST 










R 2 icon figure utcrbgp 200 










R2(config-rontcr)rrN() neighbor 10.1.12.1 route-map 1ST out 
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Task 4 

Configure AS 200 such that AS 1 00 goes through R4 to reach prefix 33.0.0.0 .'24 and R2 
to reach Prefix 3.0.0.0 /8. Utilize MED to accomplish this task. 



TIil 1 following output Shows the existing BGP table of Rl before manipulating the 
MED attribute: 

On Kl 



RlsShipbgp 

BGP table version is 12, local router ID is 1 1 . 1 . 1 . 1 

Status codes: s suppressed;, d damped, h history, * valid, > best, i - internal, 

r RIB -failure, S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 



*> 1.0.0.0 


0.0.0.0 





32' 


"68 : 


*> 2.0.0.0 


10.1.14.4 






200 i 


* 


10.1.12.2 







200 i 


*> 3.0.0.0 


10.1.14.4 






ZOO i 


* 


10.1.12.2 






200 i 


* 4.0.0.0 


10.1.12.2 






200 i 


*> 


10.1.14.4 







200 i 


*> I 1 .0.0.0 


0.0.0.0 





32768 i 


*> 22.0.0.0 


10.1.14.4 






200 i 


* 


10.1.12.2 







200 i 


*> 33.0.0.0 


10.1.14.4 






200 i 


* 


10.1.12.2 






200 i 



Note both net\vorks are reachable via R4 
On R2 

R2(config)#access-list 3 permit 3.0.0.0 
R2 (con fig .^access- list 33 permit 33.0.0.0 

Note it is very easy to remember that access-list 3 is referencing network 3.0. 0.0 and 
access-list 33 is referencing network 33.0.0.0. If possible you should choose an 
access-lint name or number that matches the network. 

R2(config')#routc-map TST permit 10 

R2(config-routc-map)r*match ip addr 3 



CCIE R& S by N ar Ink Kulhar ia ns Adv umitd CC1 E R& S Wo rk Boo k 2 .0 Page 804 of 1068 

C 2009 Narbik kiidinrinn«. All rights reserved 



R2 (con fig-route- map )# set metric 50 

R2(eonfig)#routc-map TST permit 20 
R2 ( co n fig -route- map )# match ip addr 33 
R2(config-routc-map)#sct metric 100 

R2(config)#routc-map TST permit 30 

R2(config)#routcr bgp 200 

R2(eonfig-routcr)#neighbor 10.1.12.1 route-map TST out 

On R4 

R4(config)#acccss-list 3 permit 3.0.0.0 
R4 1 con fig ^access- list 33 permit 33.0.0.0 

R4(eonfig)#ra Lite- map TST permit 10 
R4 f co n fig-route- map )# match ip addr 3 
R4ieonr]g-routc-map)r^sct metric 100 

R4(config)#routc-map TST permit 20 
R4 ( co n fig-route- map )§ match ip addr 33 
R4 (con fig-route- map )# set metric 50 

R4(config)#rautc-map TST permit 30 

R4 (co n fig)#ro Liter bgp 200 

R4(config-routcr)#ncighbor 10.1.14.1 route- map TST out 

To verify the confisjuration: 

On Rl 

Rl#Show ip bgp 

BGP table version is 1 6, local router ID is 1 1 . 1 . 1 . 1 

Status codes: s suppressed;, d damped, h history. * valid, > best, i - internal, 

r RIB- failure, S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 

*> 1.0.0.0 0.0.0.0 32768 i 

* 2.0.0.0 i 0.1.14.4 200 i 

*> 10.1.122 200 i 
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* 3.0.0.0 


10.1.14.4 


100 


200 i 




*> 


1 0.1.122 


50 


200 i 




* 4.0.0.0 


10.1.12.2 




200 i 




*> 


10.1.14.4 





200 i 




*> 11.0.0.0 


0.0.0.0 





32768 i 




* 22.0.0.0 


10.1.14.4 




200 i 




*> 


10.1.122 





200 i 




*> 33.0.0.0 


10.1.14.4 


50 


200 i 




* 


10.1.122 


100 


200 i 




Note net wo 


rk 3.0.0.0 is reachable via 


R2 and network 33.0.0.0 


is reachable via R4 



Task 5 

Remove BGP routing protocol and any previous BGP related command s from the 
previous tasks and reconfigure tbcm based on the chart below. These routers should 
ONLY advertise their loopback interlaces in BGP. The BGP peering should be 
established as follows: 

Ri should establish EBGP peer sessions with R2 and R4 in AS 200 and 400 respectively. 
R2 should establish EBGP peer sessions with Rl and R3 in AS 100 and 300 respectively. 
R3 should establish EBGP peer sessions with R2 and R4 in AS 200 and 400 respectively. 
R4 should establish EBGP peer sessions with R3 and Rl in AS 300 and 1 00 respectively. 



Router 


Interface 


IE* Address 


AS number 


Rl 


LdO 


1.1.1.1 .8 


1 00 




Lol 


I 1 . 1 . 1 . 1 ;8 






SO ,0. 12 


10.1.12.1 .24 






F0 


10.1.14.1 24 




R2 


LoO 


2.2.2.2 M 


200 




Lol 


22.2.2.0/8 






SO 11.21 


10.1.12.2/24 






F0 


10.1.23.2/24 




R3 


LoO 


T T ~1 ~\ iO 

JJJJ ,'H 


300 




Lol 


33.3.3.0 8 






F0 


10.1.23.3/24 






SO/ 0.34 


10.1.34.3 24 




R4 


LoO 


4.4.4.4 '8 


400 




F0/0 


10.1.14.4 '24 






SO/0.43 


1(1.1.34.4 '24 
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AS 100 




On Kl 



R](config)#NO router bgp 100 

R 1 (con fig)#ro liter bgp 1 00 

Rl (config-routcr)#no au 

R 1 (co n %-ro utcr)# nctw 1 . 0. . 

R! (config-routcr)^nctw 1 1.0.0.0 

Rl(config-roLUcr)#ncighbor 10.1.12.2 rcmotc-as 200 

Rl (corifig-roiitcr)#ricighbor 10.1 . 14.4 rcmotc-as 400 

On R2 

R2(config)#\0 router bgp 200 
R2(config)#\0 access-list 3 
R2(config)#NO access-list 33 
R2(oonfig)#NO route-map TST 

R2(config)#rautcrbgp 200 
R2(config-roLitcr)#r)ct\v 2.0. 0.0 
R2(config-roLitcr)r= : nct\v 22.0. 0. 
R2(a:inf]g-routcr)#no au 
R2(contlg-routcr)#ncighbor 10.1.12.1 rcmotc-as 100 
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R2 j c o n fig-ro u t cr)#ncig hbo r 10.1 


— S .2 


rcmotc-as 


300 


On RJ 








R3(config)#NO router bgp 200 








R3(config)#routcrbgp 300 








R3 (con fig-ro utcr)f*rio au 








R3(config-roLiter)#nctw 3.0. 0.0 








R3 (con fig-ro Liter )% net w 33.0. 0. 








R 3 f c o n fig -ro u t cr )# ncig hbo r 1 . 1 


23.2 


remote- as 


200 


R3(config-roLiter)#ricighbor 1 0. 1 


34.4 


rcmotc-as 


400 


On R4 








R4(config)#NO router bgp 200 








R4(config)#NO access- list 3 








R4(config)#NO access-list 33 








R4(config)#\0 route-map TST 








R4(config)*routcr bgp 400 








R4(config-routcr)f^no au 








R4 (con fig-ro uter)#netw 4.0. 0.0 








R4 (co n fig-ro n t cr)#ncig hbo r 1 . 1 


14.1 


rcmotc-as 


100 


R4 (con fig-ro u t cr) S ncig hb o r 10.1 


34.3 


rcmotc-as 


300 


To verifv the cunfitruration 


: 






On kl 








Rl#Show ip bgp 








Rl#Shipbgp 








BGP table version is 18, local router ID is 1 1 . 1 . 1 


.1 


Status codes: s suppressed, d damped. 


h history, 


* valid, > best, i - internal, 


r RIB -failure, S Stale 








Origin codes: i ■ 1GP, c - EGP, ? 


■ incomplete 




Network Next Hop Metric LocPrf Weight Path 


*> 1.0.0.0 0.0.0.0 





327 


68 i 


*> 2.0.0.0 10.1.12.2 







200 i 


* 3.0.0.0 10.1.144 






400 300 i 


*> 10.1.12.2 






200 300 i 


*> 4.0.0.0 10. 1.14.4 







400 i 
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*> 1 1.0.0.0 


0.0.0.0 





32768 i 


*> 22.0.0.0 


10. 1.12.2 





200 i 


* 33.0.0.0 


10.1.144 




400 300 i 


*> 


10.1.12.2 




200 300 i 



Task 6 

Configure R4 in AS 400 to pass a MED of 100 to Rl in AS 100 and configure R2 in AS 
200 to pass a MED of 1 20 to Rl in AS 100. 



On R2 

R2(config)r?routc-map TST permit 10 
R2(config-routc-map)r*sct metric 120 



R2(config)#routcrbgp 200 

R2 (co n fig-ro u tcr) "ncig hbo r 10.1. 

On R4 



2. 1 route- map TST out 



R4 (co n fig )P route- map TST permit 10 
R4iconfig-routc-map)nsct metric 100 

R4(config)#routcrbgp 400 

R4 (con fig-ro utcr)#ncig hbo r 10.1.14.1 route- map TST out 

To verify the configuration: 

On Rl 

RlfrShow ip bgp 

BGP table version is 25, local router ID is 1 1 . 1 . 1 . 1 

Status codes: s suppressed;, d damped, h history. * valid, > best, 

r RIB- tailurcS Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 
*> 1.0.0.0 0.0.0.0 32768 i 



- internal. 
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*> 2.0.0.0 


10.1.12.2 


120 


200 i 


*> 3.0.0.0 


10.1.14.4 


100 


400 300 i 


* 


10.1.12.2 


120 


200 300 i 


*> 4.0.0.0 


10.1.14.4 


100 


400 i 


*> 11.0.0.0 


0.0.0.0 





32768 i 


*> 22.0.0.0 


10.1.12.2 


120 


200i 


*> 33.0.0.0 


10.1.14.4 


1 00 


400 300 i 


* 


10.1.12.2 


120 


200 300 i 



Task? 

Ensure that R I in AS 100 always takes R4 to reach all other prefixes advertised in this 
topology. You should configure Rl to accomplish this task. 



On kl 

R 1 fco n fig)#ro Liter bgp 100 
Rl(config-routcr)r*bgp always-compare-med 
Rl(config-router)#bgp hestpath as-path ignore 

Note the tab key x^ ill not W#rk \*hen entering the "bgp hestpath as-path ignore'" 

command. This command is a hidden one. 

The MED as stated in RFC 1771, is an optional no n -transitive attribute. The value of this 
attribute may be used by the BGP best path selection process to discriminate among 
multiple exit points to a neighboring AS. The lower the value the better the path. The 
MED value comparison is done only among paths from the same AS. The "Imp uIulu s- 
compare-med '' command is used to change this behavior by enforcing MED comparison 
between all paths, regardless of the AS from which the paths are received. 

Note the second command "h\iP bestpath as-path ignore' ' is also needed as part of the 
solution in accomplishing this task, this command is needed because as-path and the 
origin attributes are looked at before the MED attribute. Since the Origin attribute is 
identical for all routes and BGP routing protocol is told to ignore the as-path attribute in 
best path calculation, BCiP will look at the MED value next. 

To verity the configuration: 
On kl 
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Rl^Sh ip bgp 

BGP tabic version is 8, local router ID is 1 I . I . I . I 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

r RlB-tailurc, S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 



*> 1.0.0.0 


0.0.0.0 





32768 i 


*>2JML€ 


10.1.14.4 


100 


400 300 200 


* 


10.1.12.2 


120 


200 i 


*> 3.0. 0.0 


10.1.14.4 


100 


400 300 i 


* 


10.1.12.2 


120 


200 300 i 


*> 4.0.0.0 


10.1.14.4 


100 


400 i 


* 


10.1.12.2 


120 


200 300 400 


*> I 1 .0.0.0 


0.0.0.0 





32768 i 


*> 22.0.0.0 


10.1.14.4 


100 


400 300 200 


* 


10.1.12.2 


120 


200 i 


*> 33.0.0.0 


10.1.14.4 


100 


400 300 i 


* 


10.1.12.2 


120 


200 300 i 



Note Rl takes R4 to reach all the networks in this topology 



Task8 

Remove the BGP configuration performed in Task 6. Configure R4 in AS 400 to pass a 
MED value of 100 to Rl in AS 100; R2 in AS 200 should NOT pass any MED values to 
Rl. Ensure that R! in AS 1 00 takes R4 to reach any prefix advertised in this topology 
except the ones originated by R2. DC) NOT use any global config command's as part of 
the solution to this task. 



To remove the configuration performed in Task 6 and verify the configuration: 

On R2 

R2i;config)#routcrbgp 200 

R2iconfig-routcr)#N(> neighbor 10.1.12.1 route-map TST out 

R2i;config)#NO route-map TST 
On R4 
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R4i;config')#routcr bgp 400 






R4 icon fig -routcr)#NO neighbor 10. 1.1 .4.1 route-map TST out 










R4(eonfig)#\0 route-map 1ST 










I o verify the cunfitfuratiun: 










On Kl 










Rl*Shipbgp 










BGP table version is 8, local router ID is I 1 . 1 . 1 . 1 










Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 










r RIB -failure, S Stale 










Origin codes: i ■ 1GP, e ■ EGP, ? ■ incomplete 










Network Next Hop Metric LocPrf Weight Path 










*> 1.0.0.0 0.0.0.0 32768 i 










*> 2 . . 0. 10.1.14.4 40 30 20 i 










* 10.1.112 200 i 










*> 3.0.0.0 10.1.14.4 400 300 1 










* 10.1.12.2 200 300 i 










*> 4.0.0.0 10.1.14.4 400 i 










* 10.1.12.2 0200 300 400 i 










*> 11.0.0.0 0.0.0.0 32768 i 










*> 22 .0 .0 .0 10. 1. 14.4 40 300 200 i 










* 10.1.12.2 200i 










*> 33.0.0.0 10.1.14.4 400 300i 










* 10.1.12.2 200 300 i 










To configure R4 to pass a MED value of 100 to Rl: 










On R4 










R4(config)#routc-map TST per 10 










R4(config-routc-map)#sct metric 100 










R4 (co n fig-ro utc- map )# router bgp 400 










R4f con f:t>router) -neigh 10. 1.14.1 route-map TST out 










On Kl 










RI*Shipbgp 
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*> 2.0.0.0 


10.1.12.2 





200 i 


* 


10.1.14.4 


100 


400 300 200 i 


* 3.0.0.0 


10.1.12.2 


4294967295 


200 300 i 


*> 


10.1.14.4 


100 


400 300 i 


* 4.0.0.0 


10.1.12.2 


4294967295 


200 300 400 i 


*> 


10.1.14.4 


100 


400 i 


*> 1 1.0.0.0 


0.0.0.0 





32768 i 


*> 22.0.0.0 


10.1.12.2 





200i 


* 


10.1.14.4 


1 00 


400 300 200 i 


* 33.0.0.0 


10.1.12.2 


4294967295 


200 300 i 


*> 


10.1.14.4 


100 


400 300 i 


Note Rl takes the path th 


rough R4 to get 1 


o all the routes except the network's 


ad\ L'rtised b\ R2. The reason that Rl goes 


through R2 to reach the networks that 


are originated In R2 is be 


cause R2 is givin 


g a MED value of lor the networks that 


it originated. 


When Rl to 


rnpares to 100, 


it will take the route with the lowest 


MED. 









Task 9 



Erase the startup conlig and reload the routers be fore proceeding to the next lab. 
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Lab 16- 
Filtering Using Access-lists and Prefix-lists 



AS 100 



/ 



AS 200 



-:j.1 



X 




"■.. 



FX'3 



10.1.14.0 £4 



1B-.123.DJ24 



f:.: 




FCC 



-'■ 



N 



\ 



V AS 400 



AS 300 



Lali St'tuu: 

> Configure the routers that arc conncc ted to the frame- relay clouds in a po int-to- 
point manner. 

> R I and R4 ! s FO/0 interface should be configured in VLAX 14. 

> R2 and R3 ! s FO/0 interlace should be configured in VLAX 23. 
'f" Use the lb (lowing IP addressing chart for IP address assignment. 
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II J illicit -cssing: 



Router 


Interface 


IP Address 


AS nuitiher 


Rl 


LoO 


1.1.0.1 24 


1 00 




Lol 


I.I. I.I ,24 






Lo2 


1.1.2.1 24 






Lo3 


1.1.3. 1 .24 






Lo4 


1.1.4.1 .24 






SO 0.12 


10.1.12.1 ,24 






F0 


10.1.14.1 24 




R2 


LoO 


2.2.2.2 ,'S 


200 




Lol 


22.2.2.2/8 






SO/0.2] 


10.1.12.2/24 






FO 


10.1.23.2 ,'24 




R3 


LoO 




300 




Lol 


-?:>.:?..?..? /8 






FO 


10.1.23.3,24 






SO/0.34 


10.1.34.3 ~>4 




R4 


LoO 


4.4.4.4 /8 


400 




F0/0 


10.1.14.4 '24 






SO 0.43 


10.1.34.4 '24 





Task I 

Configure l hi: ruuU'rs aeeordiriL" lu ihu 1 abo \ c IP addressing eharli these millers shuu'.d 
ONLY advertise their Loophack interface's in BGP. the peering between the routers 
should he established as follows: 

Rl should establish EBGP peer sessions with R2 and R4 in AS 200 and 400 respectively. 
R2 should establish EBGP peer sessions with Rl and R3 in AS 100 and 300 respectively. 
R3 should establish EBGP peer sessions with R2 and R4 in AS 200 and 400 respectively. 
R4 should establish EBGP peer sessions with R3 and Rl in AS 300 and 100 respectively. 
Provide NLR1 for the links using RIPvZ. disable automatic: summarization. 



On Rl 












R 1 (co nfig)#ro utcr bgp 1 00 










Rl (config-routcr'j^no an 












Rl (conf]g-routcr)#nctw 1 


1.0.0 


mask 


255. 


.255. 


255.0 


R!(coniig-routcrY#nctw 1 


1.1.0 


mask 


2%% 


MS 


25SJQ 


Rl (config-routcr'^nctw I 


1.2.0 


mask 


7,55 


■>^s 


255.0 


R 1 (config-routcr)#nctw 1 


1.3.0 


mask 


255. 


255. 


255.0 


Rl(cxMifig-roiiter)#netw 1 


1.4.0 


mask 


}%% 


">SS 


255.0 
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Rl (config-routcr)#ncighbor 10.1.12.2 rcmotc-as 200 




R 1 (config-routcr)#ncighbor 10.1 . 14.4 rcmotc-as 400 




On R2 




R2(config)#rautcrbgp 200 




R2(config-roLitcr)f*nct\v 2. 0. 0.0 




R2 (co n fig-ro uter)#netw 22 . 0. 0.0 




R2 ( c o n fig-ro a t cr )#no au 




R2(config-router)#ncighbor 10.1.12.1 rcmotc-as 100 




R2iconfig-routcr)#ncighbor 10.1.23.3 rcmotc-as 300 




On R3 




R3(config)#roLitcrbgp 300 




R3(config-routcr)#no au 




R3(config-roLitcr)ri ! nct\v 3.0. 0.0 




R3(config-routcr)ri ! nct\v 33.0. 0. 




R 3 (con fig-router)^ neighbor 10.1.23.2 rcmotc-as 200 




R3(config-routcr)#ncighbor 1 0.1 .34.4 rcmotc-as 400 




On R4 




R4 (con fig )#ro Liter bgp 400 




R4 (co n fig-ro u t cr ) ft no m.i 




R4(config-roLUcr)#nctw 4.0. 0.0 




R4(config-routcr)#ncighbor 10.1.14.1 rcmotc-as 100 




R4 (con fig-ro utcr)#ncighbor 10.1.34.3 rcmotc-as 300 




I o verify the configuration: 




On Rl 




RI*Shipbgp 




BC3P tabic version is 1 1 , local router ID is 1. 1 .4. 1 




Status codes: s suppressed, d damped, h history; * valid, > best, i 


- internal, 


r RIB-iailurc, S Stale 




Origin codes: i - 1GP, c - EGP, 7 - incomplete 




Network Next Hop Metric LocPrf Weight Path 




*> 1.1. 0. 024 0.0.0.0 32768 i 




*> 1.1.1.0 24 0.0.0.0 32768 i 
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*> 1.1.2.0 24 0.0.0.0 32768 i 






*> 1.1.3. 0.24 0.0.0.0 3276Si 










*> 1.1.4.0/24 0.0.0.0 32768 i 










*> 2.0.0.0 10.1.12.2 0200i 










* 3.0.0.0 10.1.14.4 400 300 i 










*> 10.1.12.2 O20O300i 










* 4.0.0.0 10. 1 . 1 2.2 200 300 400 i 










*> 10.1.14.4 400i 










*> 22.0.0.0 10.1.12.2 200i 










* 33.0.0.0 10. 1.14.4 400 300 i 










*> 10.1.12.2 Q 200 300 i 










On R2 










R2*Sh ip bsp 










BGP tabic version is 1 1 , local router ID is 22.222 










Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 










rRlB-iailurc, S Stale 










Origin codes: i - 1GP, c - EGP, '.' - incomplete 










Network Next Hop Metric LocPrf Weight Path 










*> 1.1.0.0/24 10.1.12.1 ^ 100 i 










*> 1.1.1.0.24 10.1.12.1 IOOi 










*> 1.1.2.0.24 10.1.12.1 IOOi 










*> IX3.G/24 10.1.12.1 IOOi 










*> 1.1 .4004 10.1.12.1 100 i 










*> 2.0.0.0 0.0.0.0 32768 i 










*> 3.0.0.0 10.1.23.3 300i 










* 4.0.0.0 10.1. 12.1 100 400 i 










*> 10.1.23.3 300 400 i 










*> 22.0.0.0 0.0.0.0 32768 i 










*> 33.0.0.0 10.1.23.3 300 i 










On R3 










R3#Sfi ip bfip 










BGP table version is 1 1 , local router ID is 33.3.3.3 










Status codes: s suppressed, d damped, h history. * valid, > best, i - internal, 










r RIB -failure, S Stale 










Origin codes: i - 1GP, c - EGP, '- 1 - incomplete 
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Network Next Hop Metric LocPrf Weight Path 






* 1.1.0.0 24 10. 1.34 .4 400 100 i 










*> 10.1.23.2 200 100 i 










* 1.1.1.0/24 IG.1.34.4 400 100 i 










*> 10.1.23.2 0200 100 i 










* 1 . 1 2 .0/24 1 0.1 .34 .4 4 00 100 i 










*> 10.1.23.2 200 100i 










* 1.1.3.0 24 10.1.34.4 400 100 i 










*> 10.1.212 200 100i 










* l.IAO/24 10.1.34.4 0400 100 i 










*> 10.1.23.2 200 100 i 










* 2.0.0.0 10.1.34.4 400 100 200 i 










*> 10.1,71,7 200i 










*> 3.0.0.0 0.0.0.0 32768 i 










*> 4.0.0.0 10.1.34.4 04001 










* 22.0.0.0 10.1.34.4 400 100 200 i 










*> 10.1.23.2 200i 










*> 33.0.0.0 0.0.0.0 32768 i 










On R4 










R4^Sh ip bgp 










BGP tabic version is 1 1 , local muter ID is 4.4.4.4 










Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 










r RIB -foi lure, S Stale 










Origin codes: i - IGP, c - EGP, ? - incomplete 










Network Next Hop Metric LocPrf Weight Path 










*> 1.1.0.0/24 10.1.14.1 OlOOi 










* 10.1.34.3 300 200 100 i 










*> 1.1.1.0/24 10.1.14.1 OlOOi 










* 10.1.34.3 300 200 100 i 










*> 1.1.2.024 10.1.14.1 100 i 










* 10.1.34.3 300 200 100 i 










*> 1.1.3.0 24 10.1.14.1 100 i 










* 10.1.34.3 300 200 100 i 










*> 1.1.4.0.24 10.1.14.1 1 00 i 










* 10.1.34.3 300 200 100 i 










*> 2.0.0.0 10.1.14.1 0100 200 i 










* 10.1.34.3 300 200 i 










* 3.0.0.0 10.1.14.1 100200300 i 










*> 10.1.34.3 300i 










*> 4.0.0.0 0.0.0.0 32768 i 
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*> 22.0.0.0 


10.1.14.1 




100 200 i 


* 


10.1.34.3 




300 200 i 


* 33.0.0.0 


10.1.14.1 




100 200 300 i 


*> 


10.1.34.3 





300 i 



task 2 

Configure R2 to block network 1 . 1.4.0 .'24 from getting into its routing and BGP tables. 
L'scdistributc-list and access-list to accomplish this task. 



On R2 

R2(config)#acccss-list 4 deny 1. 1.4.0 0.0.0.255 
R2 (c o n fig )# ace ess- list 4 permit any 

R2(config)#routerbgp 200 

R2fconfig-roLitcr)#ncighbor 10.1.12.1 distribute- list 4 in 
R2(eonfig-routcr)#ncighbor 10.1.23.3 distribute- list 4 in 

Note the tricky part »as to understand the topology, if the topology In not 
understood, silly mistakes can occur which can cost points. The tricky part of this 
task is to block the prefix from both neighbors. 

To verify the configuration: 

On R2 
R2#S1 ip bgp 

BGP table version is 10, local router ID is 22.222 

Status codes: s suppressed, d damped,, h history, * valid, > best, i - internal, 

r RlB-failurc, S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 



Metric LocPrf Weight Path 



Network 


Next Hop 


*> 1.1.0.0.24 


10.1.12.1 


* 


10.1.23.3 


*> 1.1. l.Q-24 


10.1.12.1 


* 


10.1.23.3 


*> 1. 1.2. 24 


10.1.12.1 


* 


10.1.23.3 















100 i 

300 400 100 

100 i 

300 400 100 

100 i 

300 400 100 
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*> 1.1.10/24 


10.1.12.1 





100 i 


■-■ 


10.1.23.3 




300 400 100 i 


*> 2.0.0.0 


0.0.0.0 





32768 i 


* 3.0.0.0 


10.1.12.1 




100 400 300 i 


*> 


1 0. 1 .23.3 





300 i 


*> 4.0.0.0 


10.1.12.1 




100 400 i 


* 


10.1.23.3 




300 400 i 


*> 22.0.0.0 


0.0.0.0 





32768 i 


* 33.0.0.0 


10.1.12.1 




100 400 300 i 


*> 


10.1.23.3 





300 i 


Note the netwti 


k is filtered. 







Task 3 

Remove the configuration command from previous task, and accomplish the same task 
using prefix -list and distribute- list. 



On R2 

R2 (co n fig )#N ( ) access- 1 i st 4 

R2(config)#rautcrbgp 200 

R2i;config-routcr)i*\0 neighbor 10.1.12.1 distribute- list 4 in 

R2(config-roLitcr)ri ! NO neighbor 10.1.23.3 distributolist 4 in 

RZiconfig^ip prctix-list TST sec. 5 deny 1.1 .4.0 24 
R2(config>#ip prefix-list TST sec. 1 permit 0.0.0.0/0 le 32 

R2(config)#rautcrbgp 200 

R2(config-routcr)r5 ! ncighhor 10.1.12.1 prefix-list TST in 
R2(config-router)#ncighbor 10.1.23.3 prefix-list TST in 

Note there are many ways to accomplish a given task, understanding and 
remembering the different way scan be the key to success. 

To verity the configuration: 

On R2 

R2*Sh jjj ban 
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BGP table version is 10, local router ID is 22.2.2.3 






Status codes: s suppressed;, d damped, h history, * valid, > best, i - internal, 










r RlB-tailure s S Stale 










Origin codes: i - IGP. c - EG P. ? - incomplete 










Network Next Hop Metric LocPrf Weight Path 










*> 1.1.0.0.24 10.1.12.1 ~ 100 . 










* 10.1.23.3 300 400 100 i 










*> 1.1.1.0,24 10. 1.12. i 100 i 










* 10.1.23.3 300 400 1 00 i 










*> 1.1.2.0.24 10.1.12.1 OlOOi 










* 10.1.23.3 300 400 100 i 










*> 1.1. 3.0 '24 10.1.12.1 100 i 










* 10.1.23.3 300 400 1 00 i 










*> 2.0.0.0 0.0.0.0 32768 i 










* 3.0.0.0 10.1.12.1 100 400 300 i 










*> 10.1.23.3 300i 










*> 4.0.0.0 10.1.12.1 0100 400 i 










* 10.1,7,11 300 400 i 










*> 22.0.0.0 0.0.0.0 32768 i 










* 33.0.0.0 10.1.12.1 100 400 300 i 










*> 10.1.23.3 0300i 










Note the network is filtered. 








Tusk 4 








Configure R3 in AS 300 to block network 22.0.0.0 '8 from entering its routing and BGP 








table. DC) NOT use distribute- list or prefix -list. A route-map and an aeccss-list should be 








used to accomplish this task. 










On R3 










R3(C0nfig)#aCCesS-list 22 deny 22.0.0.0 










R3(config)#acccss-list 22 permit any 










R3 (eon fig )#ro utc- map TST permit 10 










R3(config-routc-map)f*match ip addr 22 










R3i:config)f^routcr bgp 300 


>6S 
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R3(config-routcr)#ncighbor 1 0. 


.23.2 route- map 


1 ST in 


R 3 1 c o n fig-ro u tcr)#ncig hbo r 10. 


1.13.1 route-map 


1ST in 


To verify th 


e configuration: 




On R3 








R3#Sh ip bgp 








BGP tabic version is 10* local rt 


Liter ID is 33.3.3.3 


Status codes: s 


suppressed, d damped, h history. 


* valid, > best, i - internal, 


r RlB-ikilurc, S Stale 






Origin codes: i 


-IGP^c-EGP,'. 


- incomplete 




Network 


Next Hop 


Metric LocPrf W 


eight Path 


*> 1.1. 0.0; 24 


10.1.34.4 




400 1 00 i 


* 


10.1.232 




200 1 00 i 


*> 1.1.1.0 24 


10.1.34.4 




400 1 00 i 


* 


10.1.232 




200 1 00 i 


*> 1. 1. 2. 24 


10.1.34.4 




400 100 i 


* 


10.1.23.2 




200 1 00 i 


*> 1 .1 .3.Q'24 


10.1.34.4 




400 100 i 


* 


10.1.23.2 




200 100 i 


*> 1.1.4.0 24 


10.1.34.4 




400 100 i 


* 2.0.0.0 


10.1.34.4 




400 100 200 i 


*> 


10.1.23.2 





200 i 


*> 3.0.0.0 


0.0.0.0 


[) 


52768 i 


*> 4.0.0.0 


10.1.34.4 





400 i 


* 


10.1.232 




200 1 00 400 i 


*> 33.0.0.0 


0.0.0.0 


D 


32768 i 



Task 5 

Remove the configuration from the previous task. L'sc minimum number of lines in the 
access-list to filter network 22.0.0.0 8 from the BGP and IP routing table of R3. You 
should use an access-list and a mute-map to accomplish this task. 



On R3 



R3 (con fig^acccss- list 22 permit 22.0.0.0 
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R3(config')#ro Lite- map TST deny 10 






R3fcont"ig-roLitc-map)T*match ip addr 22 










R3(config)#roLitt>map TST permit 20 










R3(ocmfigj#routerbgp 300 










R3(config-router)#neighbor 10.1.23.2 route-map TST in 










R 3 (config-roLitcr)# neighbor 10.1.13.1 route-map TST in 










To verify the configuration: 










On R3 










R3#Sh ip frgp 










BGP table version is 10, local router ID is 33 3 3.3 










Status codes: s suppressed;, d damped, h history, * valid, > best, i - internal, 










r RIB -tail Lire, S Stale 










Origin codes: i - 1GP, c - EGP, ? - incomplete 










Network Next Hop Mctrie LocPrf Weight Path 










*> 1.1.0.0 24 10.1.34.4 400 100 i 










* 10.1.23.2 200 1 00 i 










*> 1.1.1.0 24 10.1.34.4 400 1 00 i 










* 10.1.23.2 200 1 00 i 










*> 1 .1.2.0 24 10.1.34.4 400 100 i 










* 10.1.23.2 200 100 i 










*> 1.1.3.0/24 10.1.34.4 400 100 i 










* 10.1.23.2 200 1 00 i 










*> 1.1.4.0/24 10.1.34.4 400 1 00 i 










* 2. 0.0.0 1 0. 1 . 34.4 400 1 00 200 i 










*> 10.1.23.2 200i 










*> 3.0.0.0 0.0.0.0 32768 i 










*> 4.0.0.0 10.1.34.4 0400 i 










* 10.1.23.2 200 100 400 i 










*> 33.0.0.0 0.0.0.0 32768 i 










When we are asked to configure an access-list with minimum number o IT in es, we 










should always see if the task can he accomplished using a single statement in the 










access-list. 
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Task 6 

Configure R4 to filter network 1. 1.0.0 .'24 - 1 . 1.4.0 '24 from it's BGP and IP routing 
tabic, this filtering should be configured on R4. but R! and R3 should actually perform 
the filtering. 



On R4 

R4(config)#ip prefix-list TST scq 5 deny 1.1.0.0/24 
R4i;config)#ip prefix-list TST seq 1 deny 1.1. 1.0/24 
R4(config')#ip prefix-list TST scq 15 deny Ll.2.0'24 
R4(config)#ip prefix-list TCT scq 20 deny 1.1 .3.0/24 
R4(eonfig)#ip prefix-list TST scq 25 deny 1.1. 4.0' 24 
R4i;config)#ip prefix-list TST scq 30 permit 0.0.0.0/0 le 32 

R4(config)#routcrbgp 400 

R4(config-routcr)#ncigh 10. 1.14.1 prefix-list TST in 
R4(config-roLitcr)#ncigh 10. 1.34.3 prefix-list TST in 

To verify the configuration: 

On R4 

R4*Sh ip bgp 

BGP table version is 8 S local router ID is 4.4.4.4 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

r RIB -failure, S Stale 
Origin codes: i - 1GP, e - EGP, ? - incomplete 



Network 


Next Hop 


Metric LocPrl 


Weight Path 


* 2.0.0.0 


10.1.34.3 




300 200 i 


*> 


10.1.14.1 




100 200 i 


*> 3.0.0.0 


10.1.34.3 





300 i 


* 


10.1.14.1 




1 00 200 300 


*> 4.0.0.0 


0.0.0.0 





32768 i 


*> 22.0.0.0 


10.1.14.1 




100 200 i 


*> 33.0.0.0 


10.1.34.3 





300 i 


* 


10.1.14.1 




1 00 200 300 



Note even though the networks are filtered, hut they are filtered on R4 and 
NOT on 113 or Rl, to prove this, perform the following: 

On Rl 
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Rl-Sh ip bgp neighbor 10. 1 .14.4 advertised -routes 






BGP table version is 46, local router ID is 1. 1 .4. 1 










Status codes: s suppressed;, d damped, h history, * valid, > best, i - internal, 










r RIB -tail ure, S Stale 










Origin codes: i - 1GP, c - EGP, '.' - incomplete 










Network Next Hop Metric LocPrf Weight Path 










*> 1.1. 0.0; 24 0.0.0.0 32768 i 










*> I.I. 1. 0/24 0.0.0.0 32768 i 










*> 1.1.2.0,24 0.0.0.0 32 7 68i 










*> 1.1.3.0.24 0.0.0.0 32768 ] 










*> 1.1.4.0/24 0.0.0.0 32768 i 










*> 2.0.0.0 10.1.12.2 0200i 










*> 3.0.0.0 10. 1.12.2 O20O3O0i 










*> 4.0.0.0 10. 1.14.4 40Oi 










*> 22.0.0.0 10.1.12.2 200i 










*> 33.0.0.0 1 0. 1. 12.2 200 300 i 










On R3 










R3~Sh ip bgp neighbor 10. 1 .34.4 advertised -routes 










BGP table version is 24, local router ID is 33.3.3.3 










Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 










r RlB-failurc, S Stale 










Origin codes: i - 1GP, c - EGP, 7 - incomplete 










Network Next Hop Metric LocPrf Weight Path 










*> 1.1.0.0/24 10.1.23.2 200 100 i 










*> 1.1.1.0 24 10.1.23.2 200 100 i 










*> 1.1.2.0/24 10.1.23.2 200 100 i 










*> 1.1.3. 0/24 1 0. 1.23.2 200 10 i 










*> 2.0.0.0 10.1.23.2 200i 










*> 3.0.0.0 0.0.0.0 32768 i 










*> 4.0.0.0 10.1.34.4 400i 










*> 33.0.0.0 0.0.0.0 32768 i 










Total number of prefixes 8 










Note the filtering is not performed by R3 or Rl, they are still advertising the 










routes to R4 and R4 is performing the filtering. 










In order to actually perform the filtering on R3 and Rl, the "ORF" feature of 










BGP can be used, once the ORF capability is exchanged between the routers. 
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R3 and Rl will take the inbound filtering configured on R4 and they wi 
perform it on the outbound direction. 

On K3 

R3(config)#routcrbgp 300 
R3(config-routcr)#addrc$5- family ipv4 unkast 
R3(config-routcr-af)#neighbor 10.1.34.4 cap a 1 m I it v orf prefix- list receive 

On Rl 



R ! (eonfig)#mutcr bgp 1 00 

Rl(eonfig-routcr)#addrcss- family ipv4 unkast 

Rl (eonfig-routcr-af)r*neighbor 10.1.14.4 capability orf prefix- list receive 

On R4 

R4 (con figure Liter bgp 400 
R4(config-routcr)#addrcss- family ipv4 unkast 

R4(c:onfig-roLUcr-af)s : neighbor 10.1.14.1 capability orf prefix- list send 
R4(config-routcr-af)r*neighbor 10.1.34.3 capability orf prefix-list send 

Note Rl and R3 are receiving the ORF, whereas, R4 is sending them. These 
routers can also be configured in both directions using the keyword "both'", in 
which case they will both send and receive ORF. 

When these commands are entered, the BCrP peer session will be reset by the 
BGP process. 

On Rl 



R l#S|j ip bgp neighbor 1 0. 1 . 1 4.4 advertised -routes 

BGP tabic version is 5 1 , local router ID is 1,1,4.1 

Status codes: s suppressed, d damped, h history. * valid, > best, i - internal, 

r RlB-tailurc, S Stale 
Origin codes: i - 1GP. c - EGP, ? - incomplete 



Network 

*> 2.0.0.0 
*> 3.0.0.0 
*> 22.0.0.0 
*> 33.0.0.0 

On R3 



Next Hop Metric LocPrf Weight Path 

10.1.12.2 200i 

10.1.12.2 200 300 i 

10.1.12.2 200i 

10.1.12.2 200 300 i 
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R3r*Sh ip bgp neighbor 10. 1 .34.4 advertised -routes 

BGP tabic version is 28, local router ID is 33.3.3.3 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

r RIB -failure, S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 

Nctw o rk X cxt Ho p M ctric Loc P rf Weight P at h 
*> 2.0.0.0 10.1.23.2 200i 

*> 3.0.0.0 0.0.0.0 32768 i 

*> 33.0.0.0 0.0.0.0 32768 i 

No It: Rl and R3 are no longer advertising the lilt find networks to R4, because 
filtering is performed by these routers. 



Task? 



Erase the startup contlg and reload the routers before proceeding to the next lab. 
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Lab 17 - Regular Expressions 






s 



AS 100 



/ 



AS 200 



\ 




10.1.23.0/24 



/ 



s 



V 




FD.'G 



X 



\ 

; 
/ 



AS 400 y 



AS 300 



/ 



s 



l.al> Si'tuu: 

/* Configure the routers that are connected to the frame- relay clouds in a point-to- 
point manner. 

> R2 and RJ's FO/0 interface should he configured in VLAX 23. 

> Use the following IP addressing chart for IP address assignment. 
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II J illicit -cssing: 



Router 


Interface 


IP Address 


AS nu in her 


Rl 


LoO 
SO 0.12 


1.1.1.1 .8 
10.1.12.1 ,24 


1 00 


R2 


LoO 

SO/0.21 

FO/0 


2.2.2.2 fi 
I O.I. 12.2 ,'24 
10.1.23.2 ,'24 


200 


R3 


LoO 
FO/O 
SO; 0.34 


T 1 1 1 C 1 
3 .J. -J.J 1 fc 

10.1.23.3 24 
10.1.34.3 24 


300 


R4 


Lafl 

SO 0.43 


4.4.4.4 .'8 
10.1.34.4 ,'24 


400 



I ask I 

ConJiiairc the routers Lieeordint: to the Liho\e IP addressing ehart: these routers should 

ONLY advertise their LoopbackO interface in BGP, the peering between the routers 

should be established as follows: 

Rl should establish EBGP peer sessions with R2 in AS 200. 

R2 should establish EBGP peer sessions with Rl and R3 in AS 100 and 300 respectively. 

R3 should establish EBGP peer sessions with R2 and R4 in AS 200 and 400 respectively. 

R4 should establish EBGP peer sessions with R3 in AS 300. 

Provide NLR1 for the links using RIPv2, disable automatic summarization. 



On Rl 










Rl(config>*routcrbgp 100 
R 1 (con fig-ro utcr)£no au 
R 1 (config-router)#nctw 1 . 0. 0.0 
R 1 (config-routcr)#ncighbor 1 0. 1 


12.2 rcmotc-as 200 


On R2 










R2(config)#routcrbgp 200 
R2 (con fig-ro u ter)# net w 2 . 0. .0 
R2f con fig -router)?* no au 
R2(config-routcr)r*ncighbor 10.1 
R2 (con fig-ro u tcrt^ncig hbo r 10.1 


.12 

.23 


1 rcmotc-as 
3 rcmotc-as 


100 
300 


On R3 
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R 3 ( c o n tig 'jn ro li t cr bgp 30 
EO{ccnifig-roMter)#BQ an 

R3i;config-roLitcr)#nctw 3.0. 0.0 
R3(confjg-routcr)#ricighbor 10.1.23.2 rcmotc-as 200 
R3(config-routcr)#ncighbor 10.1 .34.4 rcmotc-as 400 

On R4 

R4 (configure Liter bgp 400 

R4(eonfig-routcr)#no an 

R4 (co n fig-ro li tcr)#nctw 4 . 0. . 

R4(cc3nf]g-roLitcr)™ncighbor 10.1.34.3 rcmotc-as 300 

On All Routers: 

( co ntig'Jr^ro Liter rip 
fcontig-routcr)#na au 
(coniig-rautcrjnvcr 2 
(config-routcr)#Nct\vork 10.0.0.0 

To verify the confiuuration: 

On Rl 

Rl*Sh ip bgp 

BGP tabic version is 5, local router ID is 1 . 1 . 1 . 1 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

r RlB-iailurc, S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 



*> 1.0.0.0 


0.0.0.0 





32768 i 


*> 2.0.0.0 


10. 1.12.2 





200i 


*> 3.0.0.0 


10.1.12.2 




200 300 i 


*> 4.0.0.0 


10.1.12.2 




200 300 400 


On R2 








RZrSh ip bgp 









BGP table version is 5, local router ID is 2.2.2.2 

Status codes: s suppressed, d damped, h history. * valid, > best, i - internal, 
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rRlB-iailurc, S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 



Xctwork 


Next Hop 


*> 1.0.0.0 


10. 1. 12.1 


*> 2.0.0.0 


0.0.0.0 


*> 3.0.0.0 


10.1.23.3 


*> 4.0.0.0 


10.1.23.3 


On 1*3 




R3#Sh in bgp 





Metric LocPrf Weight Path 
" 100 i 

32768 i 

300 i 

300 400 



BGP table version is 5, local router ID is 3.3.3.3 

Status codes: s suppressed, d damped, h history. * valid, > best, i - internal, 

r RIB -IkilurcS Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 

N ct wo r k Next Hop Metric LocP if Weigh t P at h 

*> 1.0.0.0 10.1.23.2 200 100 i 

*> 2.0.0.0 10.1.23.2 200i 

*> 3.0.0.0 0.0.0.0 32768 i 

*> 4.0.0.0 10.1.34.4 400i 

On K4 

R4*Sh ip bgp 

BGP table version is 5, local router ID is 4.4.4.4 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

rRlB-iailurc, S Stale 
Origin codes: i - IGP, c - EGP S ? - incomplete 

Xctwork Next Hop Metric LocPrf Weight Path 



*> 1.0.0.0 


10.1.34.3 




300 200 100 


*> 2.0.0.0 


10.1.34.3 




300 200 i 


*> 3.0.0.0 


10.1.34.3 





300 i 


*> 4.0.0.0 


0.0.0.0 





32768 i 
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Task 2 
Configure Rl such that it blocks all the prefixes that originated in AS 300. 






On Kl 

RI(config)#ip as-path access-list 1 deny _3 (HIS 
R! (config)#ip as-path access- list 1 permit .* 

R 1 (co n fig)#ro u ter bgp 1 00 
RI(config-roLUcr)#rafighl>or 10.1.12.2 filter-list 1 in 

To verify the LunliL'u ration: 

On Rl 

RI*Shipbgp 

BGP table version is 4, local router ID is 1 . 1 . 1 . I 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

r RIB-f ail Lire, S Stale 
Origin codes: i - IGP, c - EGP, 7 - incomplete 

Network Next Hop Metric LocPrf Weight Path 
*> 1.0.0.0 0.0.0.0 32768 i 
*> 2.0.0.0 1 0. 1. 12.2 200i 
*> 4.0.0. 1 0. 1 . 1 2.2 200 300 400 i 






Task 3 

Remove the configuration command's from the previous task be fore proceeding to the 
next task. 






On Kl 

Rl(config)#N() ip as-path access- list 1 

R 1 (con fig)#ro u ter bgp 1 00 

Rli;config.rouitcr)#NO neighbor 10.1.122 filter-list 1 in 
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To verify the configuration: 
On Kl 

R I-Sh ip bjjzp 

BGP tabic version is 5, local router ID is 1 . 1 . 1 . 1 

Status codes: s suppressed, d damped, h history. * valid, > best, i - internal, 

r RIB-iailurc, S Stale 
Origin codes: i - IGP, c - EG P. ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 
*> 1.0.0.0 0.0.0.0 32768 i 
*> 2.0.0.0 10.1.12.2 200i 
*> 3.0.0.0 10.1.12.2 200 300 i 
*> 4 . . 0. 10.1.12.2 200 30 40 i 






Tusk 4 

Configure Rl such that it blacks all the prefixes that traversed through AS 300. 






On Rl 

Rl (config)#ip as-path access-list 1 dcny_300_ 
Rl (config)#ip as-path access-list 1 permit .* 

Rl(config>#routcrbgp 100 
Rli;config-roLitcr)r#neighbor 10.1.12.2 filter-list 1 in 

To verify the configuration: 
On Kl 

Rlf^Sh ip bgp 

BGP table version is 2, local router ID is 1 . 1 . 1 . 1 

Status codes: s suppressed, d damped, h history. * valid, > best, i - internal, 

r RIB-iailurc, S Stale 
Origin codes: i - IGP, c - EGP, ? - incomplete 
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Network 


Next Hop 


Metric LocPrf Weight Path 


*> 1.0.0.0 


0.0.0.0 


32768 i 


*> 2.0.0.0 


! 0.1.12.2 


200 i 



Task 5 

Remove the configuration command from the previous task before proceeding to the next 
task. 



On Rl 








Rl(config)#\0 ip as-path access-list 1 






R 1 (co n fig )# ro u tcr bgp 1 00 

Rl(config-roLitcr)#\0 neighbor 10.1.122 filter-list 1 in 




To verify th 


e configuration: 






On m 








Rl~Sh ip bj^p 








BGP tabic version is 5, local router ID is 1 . 1 . 1 . 1 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

rRlB-iailurc s S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 


Network 
*> 1.0.0.0 
*> 2.0.0.0 
*> 3.0.0.0 
*> 4.0.0.0 


N ex t H op Metric LocP r f Weigh t P at h 
0.0.0.0 32768 i 
10.1.12.2 200 
10.1.12.2 0200 
10.1.12.2 200 


300 i 
300 400 i 



Task 6 

Configure R3 such that it doesn't advertise the prefixes that originated in it's own AS to 
any of it' s neighbors. 
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On K3 

R3(config)#ip as-path access- list 1 deny '"' S 
R3(config)#ip as-path access-list 1 permit .* 

R3(config)#routcrbgp 300 

R3(config-roLUcr)r*neighbor 10.1.23.2 filter-list 1 out 
R3i;config-routcr)f*iieighbor 10.1.34.4 filter-list 1 out 

To verify the conf'teuratinn: 

On R4 

R4*Sh ip bgp 

BGP tabic version is IS, local router ID is 4.4.4.4 

Status codes: s suppressed;, d damped, h history, * valid, > best, i - internal, 

r RlB-failurc, S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 

*> 1.0. 0. 1 . 1 . 34 . 3 3 00 20 1 00 i 

*> 2.0.0.0 10.1.34.3 300 200 i 

*> 4.0.0.0 0.0.0.0 32768 i 

On R2 

R2*Sh ip bgp 

BGP table version is 16, local router ID is 2.2.2.2 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

r RIB -failure, S Stale 
Origin codes: i - 1GP, c - EGP, '.' - incomplete 

N" ct wo r k Next Hop Metric LocP rf Weigh t Path 

*> 1.0.0.0 10.1.12.1 ~ 100 i 

*> 2.0.0.0 0.0.0.0 32768 i 

*> 4.0.0.0 10.1.23.3 300400 i 
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Task 7 

Remove the configuration command from the previous task before proceeding to the next 
task. 



On K3 

EG(COiifig]#NO ip as-path access-list 1 deny A S 

R3(config)#ro Liter bgp 300 

R3(config-routcr)#\0 neighbor 10.1232 filter-list 1 out 

R3(config-roLitcr)#NO neighbor 10.1.34.4 filter-list 1 out 

To verify the configuration: 

On K2 

R2*Sh ip bgp 

BGP table version is 5, local router ID is 222.2 

Status codes: s suppressed, d damped, h history* * valid* > best* i - internal* 

r RlB-iailurc, S Stale 
Origin codes: i - 1GP, e - EG P. '? - incomplete 

Metric LocPrf Weight Path 
" TOO i 

32768 i 

300 i 

300 400 i 



Network 


Next Hop 


*> 1.0.0.0 


10.1.12.1 


*> 2.0.0.0 


0.0.0.0 


*> 3.0.0.0 


10.1.23.3 


*> 4.0.0.0 


10.123.3 


On R3 




R3*Sh ip bgp 





BGP table version is 5* local router ID is 3.3.3.3 

Status codes: s suppressed;, d damped, h history, * valid, > best, i - internal, 

r RIB- tail urc, S Stale 
Origin codes: i - IGP, c - EGP. '.' ■ incomplete 

Network Next Hop Metric LocPrf Weight Path 

*> 1.0.0.0 10.1.23.2 200 100 i 

*> 2.0.0.0 10.1.23.2 200 i 

*> 3.0.0.0 0.0.0.0 32768 i 
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*> 4.0.0.0 10.1.34.4 400i 






On R4 










R4**Sh ip bgp 










BGP table version is 5, local router ID is 4.4.4.4 

Status codes: s suppressed, d damped, h history. * valid, > best, i - internal, 

r RIB -failure, S Stab 
Origin codes: i - 1GP, e - EGP, ? - incomplete 










Network Next Hop Metric LocPrf Weight Path 
*> 1 .0. 0. 1 0. 1 . 34. 3 300 200 100 i 










*> 2.0. 0. 1 0. 1 . 34. 3 300 200 i 
*> 3.0.0.0 10.1.34.3 300i 
*> 4.0.0.0 0.0.0.0 32768 i 








Task 8 








Configure R3 such that it blocks all the network from it's neighboring AS 200. 










On R3 










R3(eonfig)#ip as-path access-list 1 deny A 2(H)S 
R3(config)#ip as-path ace ess- list 1 permit .* 










R3( configure Liter bgp 300 
R3(config-routcr)#neighbor 10.1.23.2 filter-list 1 in 










Tn vcrifv the configuration: 










On R3 










R3*Sh ip hm 










BGP table version is 4, local router ID is 3.3.3.3 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

rRlB-tailurc, S Stale 
Origin codes: i - IGP, c - EGP, '- 1 - incomplete 


)68 
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Network 


Next Hop 


Metric LocPrf Weight Path 


*> 1.0.0.0 


10.1.23.2 


200 100 i 


*> 3.0.0.0 


0.0.0.0 


32768 i 


*> 4.0.0.0 


10.1.34.4 


400 i 



I ask 9 

Remove the configuration command tram the previous task before proceeding to the next 
task. 



On R3 








R3(config)#\0 ip as-path access-list 


1 




R 3 (con fig)* router bgp 300 






R3( con fig-router)* \() neighbor 10.1. 


232 filtcr-li 


st 1 in 


To verify th< 


j configuration: 






On R3 




R3*Sh ip bsp 








BGP table version is 5, local router ID is 3.3.3.3 




Status codes: s 


suppressed, d damped. 


h history. * 


valid, > best, i - internal, 


r RIB- 


failure, S Stale 






CD rigin codes: i 


- 1GP, c - EGP, ? - incomplete 




Xctwork 


Next Hop Metric 


LocPrf Weight Path 


*> 1.0.0.0 


10.1.23.2 




200 100 i 


*> 2.0.0.0 


10.1.23.2 




200i 


*> 3.0.0.0 


0.0.0.0 


32768 i 


*> 4.0.0.0 


10.1.34.4 




400 i 



Task HI 

Configure R3 such that it blocks all the prefixes from it's directly connected neighbors. 
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On K3 

R3(config)#ip as-path access-list 1 deny *|0-91-S 
R3 icon fig )#ip as-path access- list 1 permit .* 

R3(config)#routcrbgp 300 

R3(config*OLUcr)#neighbor 10.1.23.2 filter-list 1 in 
R3i;contlg-routcr)r*neighboi- 1(1.1.34.4 filter-list 1 in 



To verify the configuration: 



On K3 
R3#Sh ip bgp 

BGP table version is 3> local router ID is 3.3.3.3 

Status codes: s suppressed, d damped, h history. * valid, > best, i - internal, 
r RlB-failurc, S Stale 

Origin codes: i - 1GP, c - EGP, ? - incomplete 

N ct wo rk Next Hop Metric LocP if Weigh t P at h 
*> 1.0.0.0 10.1.23.2 200 100 i 

*> 3.0.0.0 0.0.0.0 32768 i 



Task I I 

Remove the configuration command from the previous task before proceeding to the next 
task. 



On R3 










R3(config)#M) ip as-path access-list 


l 








R3(config)#routcr bgp 300 










R3(config-router)#ND neighbor 10.1 


.23.2 


filter-l 


st 1 


in 


R3fcont1g-roLitcr)#NO neighbor 10.1 


.34.4 filtcr-l 


st 1 


in 


To verify the configuration: 
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On R3 




R3#Sh ip bgp 




BOP tabic version is 5, local router ID is 3.3.3.3 


Status codes: s 


suppressed, d damped, h history, * valid, > best, i - internal, 


r RIB -failure. S Stale 


Origin codes: i 


- 1GP, c - EGP, ? - incomplete 


Network 


Ncx t H o p Metric LocP rf Weigh t Path 


*> 1 .0.0.0 


10. 1.23.2 200 100 i 


*> 2.0.0.0 


10.1.23.2 200i 


*> 3.0.0.0 


0.0.0.0 32768 i 


*> 4.0.0.0 


10.1.34.4 400i 



'['ask 12 

Configure Rl such that it blocks all the prefixes that originated in AS 300 and traversed 
through AS 200. 



On Rl 

Rl(config)#ipas-path access-list I deny 2flfl 300$ 

Rl(config)r#ip as- path access- list 1 permit .* 

R 1 (con%)#routcr bgp 1 00 

Rl icon fig -router)™ neighbor 10.1.12.2 filter-list 1 in 

To verify the configuration: 

On kl 

Rl*Shipbgp 

BC3P table version is 4, local router ID is I . I . I . I 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

r RIB -failure, S Stale 
Origin codes: i - 1GP, c - EGP. '.' - :ncompIetc 

Network Next Hop Metric LocPrf Weight Path 
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*> 1.0.0.0 0.0.0.0 32768 i 

*> 2.0.0.0 10.1.12.2 200i 

*> 4 .0. 0. 10.1.12.2 200 300 400 i 






Task 13 

Remove the configuration command from the previous task before proceeding to the next 
task. 






On Rl 

Rl(config)rrM) ip as-path access- list 1 

Rl (config'^routcrbgp 100 

Rlfconfig-ro Liter)* NO neighbor 10.1.122 filter-list 1 in 

"l'o verify the configuration: 

On Rl 

Rl^Sh ip bgp 

BGP table version is 5, local router ID is 1 . 1 . 1 . 1 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

rR]B-iailurc,S Stale 
Origin codes: i - IGP, c - EGP, 7 - incomplete 

X ctwu r k Ncx t H o p Metric LocP rf Weigh t Path 
*> 1.0.0.0 0.0.0.0 32768 i 
*> 2.0.0.0 10.1.12.2 200i 
*> 3 .0.0. 1 0. ! . ! 2.2 200 300 i 
*> 4 . . 0. 10.1.12.2 200 30 40 i 




cc 


Task 14 

Your company has decided to use more complex regular expressions in the future, 
configure the routers such that they don't use recursive algorithm when processing 
regular expressions. 
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On Rl 

R 1 (conf«g)#roLitcr bgp 1 00 
Rl(config-routcr)r*bgp regexp deterministic 

On R2 

R2(config>*routcrbgp 200 
R2(config-routcr)r*bgp regexp deterministie 

On R3 

R3 (co nfig)#ra Liter bgp 300 

R 3 (con fig-router)?* bgp regexp deterministie 

On R2 

R4 (co nfig^ro Liter bgp 400 

R4 (con fig-router)?* bgp regexp deterministie 






I ask 15 

Configure Rl in AS 100 Ui ONLY li'.'.uv. p r:_- 1 x .j r- Iron: i.r- j\ r-i. ng and future dxccL) 
connected AScs, these AScs should be allowed to prepend. 






Before the "As- path access-list" is written and applied, a "'Show ip bgp regexp" 

command should be issued, if the desired output is displayed, then, the "as-path 
access-list" should be written and applied. 

Note in the following regular expression the "(_\1)'" section can be thought of the 
memory button in a calculator, basically the expression before it " A (|0-91+)" is what 
you are putting in the memory location 1, and the "*" specifies zero or more of the 
expression that is in the memory location 1. 

On Rl 

Rl#Sh ip bgp regexp A ( :|0-91-)(_\1)*S 

BGP table version is 5, local router ID is 1 . 1 . 1 . I 

Status codes: s suppressed;, d damped, h history. * valid, > best, i - internal, 
rRlB-faiiurcS Stale 
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Origin codes: i - IGP, c - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 

*> 2.0.0.0 10.1.12.2 200 1 



The first step is to write the "IP as-path access-list": 

Rl(config)#ip as-path access-list 1 permit A ( [0-9|-)(_'.l)*S 

To verify the output uf the "11* as-path access-list V command: 

Rl#Show ip bgp filter-list 1 

BCiP table version is 5, local router ID is 1 . 1 . 1 . 1 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

r RIB- failure, S Stale 
Origin codes: i - IGP, c - EGP. '.' - incomplete 

Network Next Hop Metric LocPrf Weight Path 

*> 2.0.0.0 10.1.12.2 200i 

The it lore there are two ways to test the regular expression before applying it to a 
neighbor's: 

1. Show ip bgp regexp 

2. Show ip byp filter-list 

The next step is to apph it to neighbor's: 

R 1 (co n fig )#Ro u tcr bgp 1 00 
Rl{config-router)#neighbor 10.1.12.2 filter-list I in 

The following uses the refresh messages so the changes can apply to the existing and 
new prefixes. 

RlsCc ip bgp *in 

To verify the configuration: 

On Kl 

Rl^Showip bgp 



CCtE R& S bj N ar bik Kdthar in ns Adv anCtd CC1 E R& S Wo rk Boo k 2 .0 Page 844 of 1068 

C 2009 Narbik Kucha riant. All rig lib reserved 















BGP table version is 6, local router ID is 1 . 1 . 1 . 1 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

r RIB- tail urc,S Stale 
Origin codes: i - IGP, c - EGP, 7 - incomplete 

Network Next Hop Metric LocPrf Weight Path 
*> 1.0.0.0 0.0.0.0 32768 i 
*> 2.0.0.0 10.1.12.2 200 i 






Task 16 

Remove the 'IP as-path access- list" and the "Neighbor filter-list" commands from the 
previous step. 






On Rl 

RI(config)#\0 ip as-path access- list 1 

R 1 (config^Ruutcr bgp 1 00 

Rli;config-router)#\0 neighbor 10.1.122 filter-list 1 in 

Rl "Clear ip bgp * in 








I ask 17 
Configure Rl to prepend it's own AS number 9 times. 








On Rl 

Rl(config)#roiU[>map TST permit 10 

Rli;coniig.routc-map)#$et as-path prepend 100 100 100 100 100 100 100 100 100 

R 1 (config-routc-map)#routcr bgp 200 
Rl(config-routcr)#neighlH:ir 10.1.12.2 route-map TST out 

RI~c:c ip bgp * out 

To vcrifv the configuration: 
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OnKl 

R2*Show ip bgp 

BGP tabic version is 21, local router ID is 2.2.2.2 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

rRlB-failurc, S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 

*> 1.0.0.0 10.1.12.1 100 100 100 100 100 100 100 100 100 100 

*> 2.0.0.0 0.0.0.0 32768 i 

*> 3.0.0.0 10.1.23.3 300 i 

*> 4.0.0.0 10.1.23.3 300 400 i 



•1'ask IS 

Configure R2 such that it allows AS-Path prepend from AS 100 ONLY if they have 
prep ended their own AS number and NOT another AS number. 



On R2 

R2(config)#ip as-path access-list 1 permit A (|0-9| -)(_''. 1)*S 

R2(config)#Routerbgp 100 
R2(config-roiucr')f*neighboi- 10.1.12.1 filter-list 1 in 

R2*Clcar ip bgp * in 



To vL'fil'y the configuration: 



On R2 

R2*Sh ip bgp 

BGP table version is 5, local router ID is 222.2 

Status codes: s suppressed, d damped, h history, * valid, > best. 

r RIB-failurc, S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 



- internal, 
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Network Next Hop Metric LocPrf Weight Path 

*> 1 .0.0. 10, L 12 J " 100 100 100 1 00 i 

*> 2.0.0.0 0.0.0.0 32768 i 

*> 3.0.0.0 10.1.23.3 300i 

*> 4 .0 . 0. 10.1. 23 . 3 30 40 i 

To test the configuration: 

Chanel 1 thi 1 configuration of Rl to pre-pfnd different AS numbers 

On Rl 

Rl icon fig)* NO route- map TST 

Rl(config)nroutc-map TST permit 10 
Rli;config-route»map)#set as-path prepend 10(1 600 800 100 

On R2 

R2sSh ip bgp 

BCiP tabic version is 6, local router ID is 2.22.2 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

r RlB-iailurc, S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 

*> 2.0.0.0 0.0.0.0 32768i 

*> 3.0.0.0 10.1.23.3 300i 

*> 4.0.0.0 10.1.23.3 300 400 i 

Note because AS 100 prepended other AS numbers, R2 will reject the update. 



Task 19 



Remove the configuration from the previous task. 
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R2(config')#routcr bgp 200 

R2i'config-rontcr)#M) neighbor 10.1.12.1 filter-list 1 in 

R2~C.c ip bgp * 

On Kl 

Rl(eonfig)#\0 route-map TST permit 10 

R I (config)#routcr bgp 100 

Rl(config-rontcr)#\0 neighbor 10.1.12.2 route-map TST out 



Task 20 

Erase the startup COnfig and reload the routers before proceeding to the next lab. 
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Lab 18 - Advanced BGP configurations 



/ 



y 



"AS 65501 



X 




10.1.23.0 1 24 



AS 400 



X 







-z: .*z.z:ii 




\ 



X 



AS 500 



•■■ 



> Configure the routers that are connected to the frame-relay clouds in a point-to- 
point manner. 

> R2 and R3's FO interface should be configured in VLAX 23. 

> R4 and RS's F0/0 interface should be configured in VLAX 45. 
* Use the following IP add r ess ing chart for IP address assignment. 
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II J illicit -cssing: 



Router 


Interface 


IP Address 


AS number 


Ri 


LoO 
SO 0.12 


1.1.1.1 8 
10.1.12.1 ,24 


65501 


R2 


LoO 
90/0.21 

Ri 


2.2.2.2 fS 
10.1. 12.2/24 

10.1.23.2/24 


65502 


R3 


LoO 
SO/ 0.34 
FO 


T 1 T "1 C 1 
J. .J. 3.J 1 ft 

10.1.34.3.24 
10.1.23.3 24 


65503 


R4 


Lot) 

SO/0.43 

PO/0 


4.4.4.4 .'8 
10.134.4,24 
10.1.45.4 24 


400 


R5 


LoO 
FO 


'S.'S A.5 ft 

10.1.45.5,24 


500 



Task 1 

Configure BGP peering on the routers as follows: 

RI in AS 65501 , should establish an EBGP peer session with R2 in AS 65502. 

R2 in AS 65502, should establish EBGP peer sessions with RI and R3 in AS 65501 and 

65503 respectively. 

R3 in AS 65503, should establish EBGP peer sessions with R2 and R4 in AS 65502 and 

AS 400 respectively. 

R4 in AS 400, should establish EBGP peer sessions with R3 and R5 in AS 65503 and AS 

500 respectively. 

R5 in AS 500 should establish an EBGP peer session with R4 in AS 400. 

Provide N'LRl to the links that connect the routers using RlPv2. 

These routers should advertise their loopback interface's in their assigned AS. 



On RI 

RI (co nfig)#ra Liter bgp 6550 1 

R I (c o n tlg-ro a t cr )# no au 

RI (config-routcr)#nctw 1 .0.0.0 

Rli;config-roLitcr)#ncighbor 10.1.12.2 rcmotc-as 65502 

R I fconfig)#rautcr rip 

RI (contlg-roLitcr)r^no au 

R 1 icon fig -routcr)r*\ cr 2 

R 1 ( c o n fig -r o a t cr) nj net w 1 , 0. 0. 



CCIE R&*» b\ Narbik Kuirharians 



Ad* ariL-L-d CC1 E Ri & W'urk Book 2.0 

C 2009 Vnrbik kiithnrinin. All rights reserved 



?age&S0oflQ68 



On R2 










R2(config)#roLitcrbgp 65502 
R2(config-roLitcr)#no au 
R2(config-roLitcr)#nct\v 2.0. 0.0 
R2(config-routcr)#ncighbor 10.1 
R2iconfig-roLitcr)*neighbor 10.1 


12.1 


remote- 
remote- 


as 
as 


65501 
65503 


R2(config-routcr)#raut cr rip 
R2(config-rouiter)#vcr 2 
R2 (con fig-ro Litcr)# no au 
R2(config-TOut«r)#netw 1 0. 0. 0. 










On R3 










R3(config)#roLitcrbgp 65503 
R3(config-roLitcr)#no au 
R3 (con fig-ro uter)#netw 3.0. 0.0 
R 3 (con fig-ro a t er)# ncig hb o r 10.1 
R3(config-roLitcr)rTncighbor 10.1 


34.4 


remote- 
remote- 


as 
as 


65502 
400 


R3(con fig-ro u t cr) ** ro ut cr rip 
R 3 (con fig-ro utcr)#no au 
R3(config-roLitcr)#vcr 2 
R3(config-roiucr)f*nct\v 1 0. 0. 0. 










On R4 










R4 (con figure Liter bgp 400 
R4(config-roLitcr)#no an 
R4(config-roLitcr)f*nct\v 4. 0. 0.0 
R4 (con fig-ro u tcr)#ncig hbo r 10.1 
R4(config-roLitcr)#ncighbor 10.1 


34.3 
45.5 


remote- 
remote- 


as 
as 


65503 
500 


R4(config-routcr)#raut cr rip 
R4 (c o n fig-ro u t cr )# vcr 2 
R4 (con fig-ro utcr)#no au 
R4(config-routcr)f*nctw 10.0.0.0 










On \15 










R5(config-il>roLitcrbgp 500 
R5(config-routcr)#no an 
R5(config-routcr)#ncighbor 1 0. 1 


45.4 


remote- 


LIS 


400 
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R5 (co n fig-ro u tcr)#nct w 5 . 0. . 

R5(config-roLiter)#ro Liter rip 
R5(eonfig-roLitcr)#no hli 
R 5 (c o n tlg-ro n t cr)# vcr 2 
R5(coni'ig-roLUcr)£nctw 1 0.0.0.0 

10 verify the configuration: 

On Kl 
Rl#5how ip bap 

BGP tabic version is 6, local router ID is 1 . 1 . 1 . I 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

rRlB-iailurc, S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 
*> 1.0.0.0 0.0.0.0 ' 32768 i 

*> 2.0.0.0 10.1.12.2 65502 i 

*> 3.0.0.0 10. 1. 12.2 65502 65503 i 

*> 4.0.0.0 1 0. 1. 12.2 65502 65503 400 i 

*> 5.0.0.0 10.1.12.2 65502 65503 400 500 



Task 2 

Configure R2 such that if any of its neighbors go down, the routes from that particular 
neighbor arc NOT removed from the BGP table. The routes should only be removed if a 
given neighbor is down lor longer than 5 minutes. 



On R2 

R2(config-if)#routcr bgp 65502 
R2 (c o n fig-ro a t cr)#NO bgp fas t -ex t crnal -fal lo v cr 
R2i;eonfig-roLitcr)#neighbor 10.1.12.1 timers 60 300 
R2i;config-roLitcr)#ncighbor 10.1 .23.3 timers 60 300 

On kl 
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R 1 (co n fig- ifj#ro ut er b gp 65 5 1 
Rl(config-routcr)#ncighbor 10.1.12.2 timers 60 300 

On R3 

R3(config-if)#routcr bgp 65503 
R3(config-routcr)#ncighbor 10.1.23.2 timers 60 300 

This, feature only supports the directly connected peers. If BGP fast external- 
fallover is disabled, the BGP routing process will wait until the configured hold 
tinier expires before the peer session is reset. 






Task 3 

Configure R5 in AS 500 so it sets the hello and hold timer values to double its default 
value tor its neighboring router R4. 






On \15 

R5 (co nfig)#ro Liter bgp 500 

R5 (con fig-router)^ neighbor 1(1.1.45.4 timer 12(1 36(1 






Task 4 

Configure R4 such that it removes the private AS numbers when it advertises prefixes to 
R5. 






Before configuring R4, we should display the BGP table of R5. 

Rf-Sli - .p hup 

BGP table version is 8, local router ID is 5.5.5.5 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

r RIB -fail Lire, S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 
*> 1 .0.0.0 10. 1.45.4 400 65503 65502 65501 i 
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400 65503 6? 502 : 




400 65503 i 





400 i 


(] 


32768 i 



*> 2.0. 0.0 10.1.45.4 

*> 3.0.0.0 10.1.45.4 

*> 4.0.0.0 10.1.45.4 
*> 5.0.0.0 0.0.0.0 

On K4 

R4 (con figure Liter bgp 400 

R4 (con fig-ro u t er)# nei g h b o r 1 (1 . 1 .4 5 .5 re m c> \ e- pri v a te- a s 

To verity the configuration: 

On R5 

R5r*Show ip bgp 

BGP table version is 34, local router ID is 5.5.5.5 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

rRlB-failurc, S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 



*> 1.0.0.0 


10.1.45.4 




400 


*> 2.0.0.0 


10.1.45.4 




400 


*> 3.0.0.0 


10.1.45.4 




400 


*> 4.0.0.0 


10.1.45.4 





400 


*> 5.0.0.0 


0.0.0.0 





32768 i 



Task 5 

Configure Rl such that it sets the minimum time between sending BGP advertisement tor 
its EBGP neighbors to 60 seconds. 



On Rl 



Rl (con figure Liter bgp 6550 I 

Rl (con fig-ro uter)#ncighbor 1 0.1 . 12.2 advertisement -interval 60 

The default values are as follcms: 
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> External peers — 30 seconds. 

> Internal peers — 5 s ec on d s. 

This command sets the minimum intcn al between the sending of BGP muting 
updates lor internal and external neighbors. 



Task 6 

Configure the following Loopbackl interfaces on R4 and R5 and advertise them in RIPvZ 

only. 

Ensure that R4 and R5 establish their EBGP peer session based on their Lol interface. Do 

NOT use "neighbor cbgp mLlltihop' , ' command to establish this peer session. 

R4 - Lo 1 = 44.4.4.4 '8 and R5 - Lo 1 = 55.5.5.5 1 8 



On K4 

R4(config)#int fol 

R4(config-it>ip addr 44.4.44 255.0.0.0 

R4 (con fig-ro li t cr)# ro Lit cr rip 
R4(config-routcr)ri ! nct\v 44. 0. 0. 

On R5 

R5(config)#int lol 

R5(config-if>*ip addr 55.5.5.5 255.0.0.0 

R5 (co n fig -ro u t cr) S ro Lit cr rip 
R5(config-routcr)#nctw 55. 0.0.0 

On K4 

R4(config-il>raLitcrbgp 400 

R4(config-routcr)#no neighbor 10.1.45.5 rcmotc-as 500 
R4(config-routcr)#ncighbor 55.5.5.5 rcmotc-as 5(H) 
R4 (con fig-ro utcr)#ncighbor 55.5.5.5 update-so urcc lol 

R4(config-roLitcr)rrroLit cr bgp 400 
R4iconfig-routcr)r*neighh>or 55.5.5.5 disahle-connecled-check 
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On R5 

R5 (eon fig- if>ro Liter bgp 500 

R5('config-roLitcr)r#no neighbor 1 0.1.45.4 remote- as 400 
R5(config-routcr)#ncighbor 444.4.4 remote- as 400 
R5 (c o n fig-ro li tcr)#ncig hbo r 44 .4 . 4. 4 up d at c- so u re c la 1 

R5(config-routcr)#routcr bgp 500 
R5(config-routcr)#neighbor 44.4.4.4 disable-connected-check 

The default behavior or BGP: 

A BGP speaker will verify the connection of a single-hop EBGP peering session to 
determine ir the EBGP peer is directly connected to the same network segment, ir 
the peer is not directly connected to the same n et nor k segment, the connection 
verification will fail and it will prevent the peering session from being established. 
The "neighbor disable-eonnected-eheck" command will disable the connection 
verification process for EBGP peering session that are reachable by a single hop hut 
are configured on a loop back interface or configured with a non-directly connected 
IP address. 






Task 7 

For security purposes, configure Rl and R2 such that they only accept IP packets with a 
TTL count in the 1 P header that is equal to or greater than 253. If the TTL count of the 1 P 
packet is 252 or less, these routers should ignore the packet's. 






On Rl 

R 1 (config)#routcr bgp 6550 1 
Rl(config-routcr)#neighbor 10.1.12.2 ttl- security hops 2 

On R2 

R2(config)#routcr bgp 65502 
R2(config-routcr)#neighbor 10.1.12.1 ttl-security hops 2 

This feature is enabled in 123(7)T and it provides a light weight security for the 
BGP routers against CPU utilization attacks. These types of attacks flood the 
network with IP packets that contain forged source and destination IP addresses in 
the packet headers. This configuration accepts only IP packets with a TTL count 
that is equal to or greater than the locally configured value. 
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Task 8 

Remove the configuration from Tasks 6 and ensure that the two routers establish a peer 
session using their directly connected interface's IP address. R4 in AS 400 should 
establish a peer session with R5 in AS 555, and R5 in AS 500 should establish a peer 
session with R4 in AS 400. 



On K4 

R4(config)#NOintlol 

On K5 

R5(config)#NOintkjl 

On R4 

R4 (con fig- if)#ro Liter bgp 400 

R4 (con fig-ro iitcr)#ncighbor 10.1.45.5 rcmotc-as 500 
R4 (con fig -router )#>;() neighbor 55.5.5.5 rcmotc-as 500 
R4 (co n fig-ro utcr)# NO neighbor 55.5.5.5 update- source lol 

R4(config-routcr)#ruut cr rip 
R4(config-routcr)#NO nctw 44.0.0.0 

R4 f co n fig-ro u t cr )# ro ut cr b g p 40 

R4 (con fig-ro Liter)#NO neighbor 55.5.5.5 disable- con nee ted -check 

On K5 

R 5 1 [c o n fig- if>ro Liter bgp 50 

R5(config-routcr)#ncighbor 10.1.45.4 rcmotc-as 400 
R5(con fig-ro Litcr)#NO neighbor 44.4.4.4 rcmotc-as 400 
R 5 (con fig-ro u t cr ) f* NO n cig hbo r 44 .4 .4 . 4 upd at c- so u re c lo 1 

R5(config-roLUcr)nroLit cr rip 
R5(config-router)#NO nctw 55.0.0.0 

R5 (con fig-ro utcr)#routcr bgp 500 

R5(config-roLitcr)#NO neighbor 44.4.4.4 disable-conneeted-check 

On R4 
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R4(config-routcr)r*NO neighbor 10.1.45.5 remote-as 500 
R4(config-roiUcr)rrr]cighbor 10.1.45.5 rcm>otc-as 555 

On R5 

R5(config-routcr)#neighbor 10.1.45.4 local-as 555 

Typically used for AS migration and should be removed when the migration is 
complete. The "local-as"" command prepends the AS number specified in the 
command to the as-path. With this command the local router appears to be in 
another AS. 






Task 9 

Configure R3 such that it replaces it's AS number with 300 and removes its private AS 
number when it sends updates to R4. Do NOT change the AS number of the R3 by 
removing the "router bgp 65503" and re- configuring "router bgp 300*'. L'sc minimum 
number of commands to accomplish this task. 






On R3 

R3(config)#routcr bgp 65503 

R3(config-roLitcr)f* neighbor 10.1.34.4 local-as 300 no-prepend replace-as 

The no-prepend argument does NOT prepend the local AS number (The one 
configured with "router bgp" command) to the AS-Path attribute. 
Replace-as argument prepends ONLY the local AS number to the AS-Path attribute 
that is configured alter the local-as argument. 

On R4 

R4 (co nfig^ro Liter bgp 400 

R4(config-roLitcr)iMNO neighbor 10.1.34.3 remote 65503 

R4(config-routcr)#ncighbor 10.1 .34.3 rcmotc-as 300 




cc 


Task III 

Configure R3 such that it limits the number of AS-path segments that arc permitted in 
inbound routes to 20. 
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On R3 

R3(config)#routcrbgp 65503 
R3(config-router)#bgp maxas-limit 20 

This command discards mutes that have a number of AS -Path segments that exceed 
the specified value. The range is 1 - 2000. The default value in BCrP is 75. This 
command was introduced in I OS release 12.2. 






Task 11 

Configure R3 to inject a default route to neighbor 10.1.34.4 ONLY if there is a route to 
2.0.0.0 /8 in R3's routing tabic. 






On R3 

R3(config)#acccss-list 2 permit 2.0.0.0 

R3(config)#routc-map TEST permit 10 
R3 (co n fig-route- map )# match ip addr 2 

R 3 (con fig)#ro u tcr bgp 65 5 3 

R3(cunfig-rautcr)#neighbor 10.1.34.4 delimit- origin alt- 1 route-map TEST 




Task 12 

Erase the startup con fig and reload the routers be fore proceeding to the next lab. 
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Lab 19 - Administrative Distance 



AS 120 



/ LoO-1 



\ 



V 




10.1.23.0/24 



LpD-1 



LdO-1 



/ 



/ 



S 



--. 




AS 340 



Lab Setup: 

> Configure the routers that arc connected to the frame- relay clouds in a point-to- 
point manner. 

> R2 and R3's FOVO interface should be configured in VLAX 23. 

> L'sc the following IP addressing chart for IP address assignment. 
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IP ml dressing: 



Router 


Interlace 


IP Address 


AS number 


Rl 


LoO 


1.1.1.1 8 


120 




Lol 


11.1.1.1/8 






SO/0.12 


10.1.12.1 f2A 




R2 


Lot) 


2 2 i j ,'S 


120 




Lol 


mn ,$ 






SO'0.21 


10.1.12.2 '24 






FO'O 


10.1.23.2/24 




R3 


LoO 


T "J T T iC 


340 




Lol 


33,3.3.3 8 






PO/0 


10. 1.23.3 /24 






SO/0.34 


10.1.34.3 /24 




R4 


LoO 


4.4.4.4 /8 


340 




Lol 


44.4.4.4/8 






SO/ 0.43 


10.1.34.4 '24 





Task 1 

Configure the routers according to the above IP addressing chart; these routers should 

ONLY advertise their Loopback interlaces in BGP. the peering between the routers 

should be established as follows: 

Rl in AS 120 should establish an 1BGP peer session with R2 in AS 120. 

R2 should establish an 1BGP peer session with Rl in AS 120 and an EBGP peer session 

with R3 in AS 340. 

R3 should establish an EBGP peer session with R2 in AS 120 and an 1BGP peer session 

with R4 in AS 340. 

R4 should establish an 1BGP peer sessions with R3 in AS 340. 

Provide NLR1 tor the links using RlPv2, disable automatic summarization. 



On Rl 



R 1 (eo n fig)#ra lit cr bgp 12 
R 1 (config-roLitcr)#no au 
R I (con fig-ro a tcr)#nctw 1 . 0. . 
Rlfcanfie-roLitcr)f#nct\v 1 1.0.0.0 



R!(coni1g-roLitcr)#ricighbor 10.1.12.2 rcmote-as 120 
On R2 
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R2(config '^router bgp 120 




R2 (con fig-ro utcr)#netw 2.0. 0.0 






R2(config-roLUcr)#nctw 22.0.0.0 






R2(c:on:fig-routcr)#rjo an 






R2(config-routcr)#ricighbor 10.1. 12.1 rcmotc-as 120 






R2(config-routcr)#ncighbor 10.1.23.3 rcmotc-as 340 






On R3 






R 3 (c o n fig ')# ro u t cr bgp 34 






R 3 (c o n fig-ro a t cr ') U no an 






R3(config-routcr)#nctw 3.0. 0.0 






R3i;config-roLitcr)#nctw 33.0. 0. 






R3 (con fig-ro liter)* neighbor 10.1.23.2 rcmotc-as 120 






R3(config-routcr)#ncighbor 10.1.34.4 rcmotc-as 340 






On R4 






R4iconfig)* ! roLUcrbgp 340 






R4 (con fig-ro u t cr) ft no au 






R4 (co n fig-ro Liter )#nct w 4 . 0. . 






R4 (con fig-ro Litcr)#nctw 44. 0. 0. 






R4(config-routcr)r i ncighbor 1Q.L34.3 rcmotc-as 340 






On All Routers: 






(conlig)r#roLitcr rip 






(config-routcr)#no au 






(config-routcr)#vcr 2 






fconiig-routcr)#Nctwork 10. 0. 0.0 






To verify the configuration: 






On Rl 






Rl**Sh ip bgp 






BGP tabic version is 9, local router ID is 1 1 .1 . 1 . 1 






Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 






r RIB -fail urc. S Stale 


i68 
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Origin codes: i - 1GP, c - EGP, ? - incomplete 






Network Next Hop Metric LocPrf Weight Path 










*> 1.0.0.0 0.0.0.0 32768 i 










*>i2 .0.0.0 10. 1.12.2 100 Oi 










*>i3 .0.0.0 ! 0.1.23.3 100 340 i 










*>i4 .0 . 0. 1 0. 1 7, % 1 100 340 i 










*> 11.0.0.0 0.0.0.0 32768 i 










*> 122.0.0.0 10.1.12.2 100 Oi 










*>i33. 0.0.0 10.1.23.3 100 340 i 










*>i44.0.0.0 10.1.23.3 100 340 i 










On R2 










RZrSh ip bgp 










BGP table version is 9, local router ID is 22.22.2 










Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 










r RIB-iailurc, S Stale 










Origin codes: i - 1GP, c - EGP, ? - incomplete 










Network Next Hop Metric LocPrf Weight Path 










*>il. 0.0.0 10. 1.12.1 100 Oi 










*> 2.0.0.0 0.0.0. ( 


32768 i 










*> 3.0.0.0 10.1.23 


3 340 i 










*> 4.0.0.0 10.1.23 


3 340 i 










*>il 1.0.0.0 10.1.12 


1 100 Oi 










*> 22.0.0.0 0.0. 0.( 


33768 : 










*> 33.0.0.0 10.1.23 


3 340 i 










*> 44.0.0.0 10.1.23 


3 340 i 










On R3 










R3"Sh ip bgp 










BGP table version is 9, local router ID is 33.3.3.3 










Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 










r RIB-iailurc, S Stale 










Origin codes: i - 1GP, c - EGP, ? - incomplete 










Network Next Hop Metric LocPrf Weight Path 










*> 1.0.0.0 10.1.23.2 " 120 i 










*> 2.0.0.0 10.1.23.2 OI20i 










*> 3.0.0.0 0.0.0.0 32768 i 


i68 
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*>i4 .0.0.0 10.1.34.4 100 Oi 






*> 11.0.0.0 10.1.23.2 120 i 










*> 22.0.0.0 10.1.23.2 OI20i 










*> 33.0.0.0 0.0.0.0 32768 i 










*>i44.0.0.0 10.1.34.4 100 Oi 










On K4 










R4"Sh ip bgp 










BGP tabic version is 9, local router ID is 44.4.4.4 










Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 










r RIB-iailurc, S Stale 










Origin codes: i - 1GP, c - EGP, ? - incomplete 










N" ctwork Ncx t H o p Metric LoeP rf Weigh t P at h 










*>il .0.0.0 10.123.2 100 1 20 i 










*>i2.0.0.0 10.1.23.2 100 G 1 20 i 










*>i3 .0.0.0 10.1.34.3 100 Oi 










*> 4.0.0.0 0.0.0.0 32768 i 










*>il 1.0.0.0 10.1.23.2 100 01201 










*>i22. 0.0.0 10.1.23.2 100 1 20 i 










*>i33. 0.0.0 10.1.34.3 100 Oi 










*> 44.0.0.0 0.0.0.0 32768 i 








Task 2 








Configure R2 such that it changes the administrative distance of all prefixes received 








from R3 to 1 50. 










On R2 










R2(config)#routcrbgp 120 










R2i;config.routcr)#distance 150 10.1.23.3 0.0.0.0 










To verify the cunfiauration: 










On R2 










R2#Sho\v in route bgp 


H8 




CC 
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B 1 .0.0.0/8 [200/0] via 10.1.12.1, 00:00:56 
B 33.0.0.0/8 1 150/q via 10.1.233, 00:00:56 
B 3.0.0.0/8 |150.'01 via 10.1.23.3, 00:00:56 
B 4.0.0.0/8 1150/01 via 10.1.23.3, 00:00:56 
B 11.0. 0.0/8 [200/OJ via 10.1 . 12. 1, 00:00:56 
B 44.0. 0.0/8 |150/01 via 10.1.23.3, 00:00:56 






Task 3 

Remove the configuration commands from the previous step before proceeding to the 
next task. 






On R2 

RZfconfig'^routcrbgp 120 

R2i;config.routcr)#\() distance 150 10.1.233 0.0.0.0 

To verify the configuration 

On R2 

R2*Sh ip route bgp 

B 1 .0.0.0/8 [200/OJ via 10.1. 12.1, 00:0 1:02 
B 33.0.0.0/8 [20/0 J via 10 .1 .23.3, 00:0 1 :02 
B 3.0.0.0/8 [20/0 J via 10. 1.23.3, 00:01:02 
B 4.0.0.0 8 pO'OJ via 10.1 .">* X 00:01:02 
B 1 1.0.0.0 8 [200/0] via 10.1.12.1, 00:01:02 
B 44.0.0.0/8 [20/0 J via 10.1 .23.3, 00:0 1 :02 






Task 4 

Configure R2 such that it ONLY changes the administrative distance of prefix 33.0.0.0 .'8 
to 150. 






On R2 
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R2 (con fig ^access- list 3>J> permit 33. 0. 0.0 

R2(config)#rautcrbgp 120 
R2i:config.routcr)#distance 15(1 10.1.23.3 0.0.0.033 

Note the distance command changes the administrative distance to 150 from 
neighbor 10.1.23.3 folhmed by the inverse-mask of the IP address of the neighbor 
for what ever prefix that's specified in access-list 33. 

To verify the configuration: 

On R2 

R2f*Sh ip route bgp 

B 1 .0.0.0/8 [200/0] via 10.1 . 12. 1, 00:0 1:36 
B 33.0.0.0/8 1 150/0] via 10.1.233, 00:01:36 
B 3.0.0. Q.'8 [20/0 J via 10.1.23.3, 00:01:36 
B 4.0.0. 0/8 [20/0 J via 10. 1.23.3, 00:01:36 
B 11.0. 0.0 8 [200/0] via 10.1 . 12. 1, 00:0 1 :36 
B 44.0.0.0,8 [20/0] via 10.1.23.3,00:01:36 






Task 5 

Remove the configuration commands from the previous step before proceeding to the 
next task 






On R2 

R2i;config)#NO access-list 1 permit 33.0.0.0 0.255255.255 

R2(config)#rautcrbgp 120 

R^iconfig-roLitcr)#NO distance 150 10.1.7.1 1 0.0.0.0 1 

To verify the configuration: 

On R2 

R2-SH :p route bi-p 
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B 1.0.0.0 8 [200 0] via 10.1.12.1, 00:00:42 

B 33.0.0.0/8 [20 Oj via 10.1.23.3, 00:00:42 

B 3.0.0.0/8 [20/0] via 10. 1.23.3, 00:00:42 

B 4.0.0.0/8 [20/0 J via 10. 1.23.3, 03:00:42 

B 1 1 .0. 0.0 -8 [200/0] via 10.1 . 12. 1, 00:00:42 

B 44.0. 0.0/8 [20/0] via 10 J. 23. 3, 00:00:42 



Task 6 

Using minimum number of commands change the administrative distance of all 1BGP 
prefixes to 90, EBGP prefixes to 60 and locally generated prefixes to 20. This should be 
performed on all mutcrs. 



On kl and K2 

R. 1 (con fig JS r a u t cr b g p 120 

R 1 (co nfig-routcr)#di stance bgp 60 90 20 

On K3 anil R4 

iconfig)#routcr bgp 340 
(eontig-routcr)r ! distanec bgp 60 90 20 

On R2 

R2#Sho\v ip route bgp 

B 1.(1.(1.0/8 190/0| via 1(1.1.12.1, 00:03:21 
B 33 . 0. .0/8 [ 60/0 ] vi a 1 . 1 . 23 . 3, 00 : 3 : 2 1 . 

B 3.0.0.0/8 [60/0] via 10.1.23.3, 00:03:21 ^\ ^ Note " rhese lire IBGP ™ utt!S 

B 4. 0. .0/8 [ 60/0 j vi a 1 . 1 . 23 . 3, 00 : 3 : 2 1 

B 11.0.0.0/8 |90/0J via 10.1.12.1, 00:03:21 

B 44.0.0.0/8 [60/0] via 10. 1.23. 3, 00:03:21 *- ^ Note these are EBGP routes 

To see the locally generated routes, we must eon figure an aggregate route. 




Task 7 

Erase the startup con fig and reload the routers before proceeding to the next lab. 
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Lab 20 - BGP Confederation 



AS S5 51 1 




10.1.23.0/24 



AS6S534 




10.1.4 6.0/24 




Lab Setup: 



** Configure the routers that are connected to the frame- re lay clouds in a point-to- 
point manner. 

> R2 and R3's FO/0 interlace should be configured in VLAN 23. 

> R4 and R5's FO. interface should be configured in VLAN 45. 

> L'sc the following IP addressing chart for IP address assignment. 
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II J illicit -L'ssing: 



Router 


Interface 


IP Addrew* 


AS n u in her 


Ri 


LoO 
SO 0.12 


1.1.1.1 8 
10.1.12.1 .24 


65511 


R2 


LoO 
SO/0.21 
Eli r i 


2.2.2.2 fS 
10.1. 12.2/24 
10.1.23.2/24 


65522 


R3 


LoO 
SO/ 0.34 
FO 


T 1 T T C 1 
3 .J. 3.J. 5 

10.1.34.3 .'24 
10.1.23.3 24 


65534 


R4 


LoO 

SO/0.43 

FO/0 


4.4.4.4 .'8 
10.134.4,24 
10.1.45.4 '24 


65534 


R5 


LoO 
FO 


5 ^ S 5 .'8 
1 0. 1 .45.5 24 


500 



Task 1 



Configure BGP peering on the routers as follows: 



^ 



^ 
^ 



Rl in AS 6551 1 s should establish an EBGP peer session with R2 in AS 65522. 

R2 in AS 65522, should establish EBGP peer sessions with Rl and R3 in AS 

6551 1 and 65534 respectively. 

R3 in AS 65534, should establish an EBGP peer sessions with R2 in AS 65522 

and an 1BGP peer session with R4 in AS 65534. 

R4 in AS 65534, should establish an IBGP peer sessions with R3 in AS 65534 

and an EBGP peer session with R5 in AS 500. 

R5 in AS 500 should establish an EBGP peer session with R4 in AS 100. 

Provide NLR1 to the links that connect the routers using RlPv2. 

These routers should advertise their Loopback interface in BGP. 



On All Ku liters 

(conf]g-routcr)#mutcr rip 
(conHg-routcr)^no au 
(eonfig-routcr)#vcr 2 
( config-routcr)#nctwork 1 0. 0. 0.0 

On RI 
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Rl (con fig '^router bgp 6551 I 

R I (config-roLitcr)#no au 

Rl (config-roLitcr)#nctw 1.0. 0.0 

Rl(ccmfig-roLitcr)#ncighbor 10.1.12.2 rcmotc-as 65522 

RI(config-roLitcr)#bgp con fed era lion identifier 100 

The "bgp confederation identifier'" command is used to configure a single AS 
number to identify a group of smaller ASes as a single confederation. 
A confederation can be used to reduce the IBGP mesh by dividing a large single AS 
into multiple Sub-ASesand then grouping them into a single confederation. 

Rl(config-routcr)Ti ! bgp confederation peers 65522 

The above command is used to configure multiple AS es as a single confederation. 
The ASes specified in this command are visible internally to the confederation. 

On R2 

R2(config)#routerbgp 65522 
R2 (con fig-ro Litcr)#no au 
R2(config-roLitcr)#nctw 2.0.0.0 

R2(eonfjg-roLitcr)#ncighbor 10.1.12.1 rcmotc-as 6551 1 
R2(config-roLitcr)#ncighbor 10.1.23.3 rcmotc-as 65534 

R2(config-roLitcr)#bgp confederation identifier 100 

R2(eonf]|2-roLitcr)#bgp confederation peers 65511 65534 

R2(config-roLitcr)#ricighbor 131.1.23.3 ncxt-hop-sclf 

On K3 

R3 (con fig )#ra Liter bgp 65534 

R 3 (c o n fig-ro u t cr ) ft no au 
R3 (c o n fig-ro u t cr)#no syn 

R3(config-roLitcr)#ncighbor 10.1.34.4 rcmotc-as 65534 
R3 (con fig-ro utcr) "neighbor 10.1.23.2 rcmotc-as 65522 
R 3 (c o n fig-ro li tcr)#nctw 3 . 0. .0 

R3(config-rontcr)**bgp confederation identifier 100 
R3(config-roLitcr)r*bgp confederation peers 65522 

On R4 
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R4(config)#routcr bgp 65534 
R4 (c o n fig-ro u t er)# no syn 
R4 (con fig-ro u t cr)r*no m 
R4 (CO n fig-ro li tcr)#nctw 4 . 0. .0 

R4 [c o n fig-ro a t cr)# bgp co n fed er a (i o n i den t if i er 1 (1 

R4iconfig-roLitcr)#ncighbor 10.1.45.5 rcmotc-as 500 
R4 (con fig-ro utcr)" neighbor 10.1.34.3 remotc-as 65534 

On K5 

R5 (eon fig-ro utcr bgp 500 

R5(config-routcr)fmo an 

R5 (co n fig-ro li tcr)r*nct\v 5 . 0. . 

R5(eonfig-roLUcr)#ncighbor 10.1.45.4 remotc-as 100 

To verify the configuration: 

On K5 

R5#Show ip bgp 

BGP table version is 6, local router ID is 5.5.5.5 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

r RIB -tail Lire, S Stale 
Origin codes: i - 1GP, e - EGP. '.' - incomplete 

Network Next Hop Metric LocPrf Weight Path 



*> 1.0.0.0 


10.1.45.4 




100 


*> 2.0.0.0 


10.1.45.4 




100 


*> 3.0.0.0 


10.1.45.4 




100 


*> 4.0.0.0 


10.1.45.4 





100 


*> 5.0.0.0 


0.0.0.0 





32768 i 



Note to R5 all the prefixes are from AS 100. 

On Kl 

RlfShow ip bgp 

BGP table version is 6, local router ID is I . I . I . I 

Status codes: s suppressed, d damped, h history 1 , * valid, > best, i - internal, 
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r RIB -fail Lire, S Stale 




Origin codes: i 


- 1GP. c - EGP. ? - incomplete 




Xctwurk 


Next Hop Metric LocPrf 


Weight Path 


*> 1.0.0.0 


0.0.0.0 


32768 i 


*> 2.0.0.0 


10.1.12.2 100 


(65522) i 


*> 3.0.0.0 


10.1.23.3 100 


(65522 65534) i 


*> 4.0.0.0 


10.1.34.4 100 


(65522 65534) i 


*> 5.0.0.0 


10.1.45.5 100 


(65522 65534) 500 i 


Note the AS- Pat It's in the parenthesis are the private AS numbers it i thin the 


confederation, 


AS 500 is outside of the parenthesis because its NOT part of the 


confederation. 







Task 2 



Erase the startup config and reload the routers before proceeding to the next lab. 
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Lab 21 - BGP Hiding Local AS number 



• 



\S100 


\ 


10.1.1.0/24 


-AS 200 

* 


fqtoI.1 


V 




/ -2 


FGUO 



-■-. 



v. 



\ 





Lab Setup: 

> Configure the F0 interlace of both routers in VLAN 100 
f" Use the IP addressing chart tor IP address assignment 

IP addressing: 



Router 


Interface ' IP address 


RI 


F0 = 1 0.1.1. 1 .'24 
LoopbackO = 1. 1.1.1 :8 


R2 


F 0= 10.1.1.2/24 
LoopbackO = 2.2.2.2 .« 



Task I 



Configure Rl in AS 100 to establish an EBGP session with R2 in AS 200. 
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On kl 

R 1 (config)#rautcr bgp 1 00 

Rl (corifig-roLitcr)#no auto-summary 

Rl (config-roLitcr)#nctwork 1.0.0.0 

Rl(config-roLitcr)#ncighbor 10.1.1.2 rcmotc-as 2( 

On R2 

R 2 1 c o n fig )# ro afar bgp 20 

R2(c a n fig-r o u t cr)# no a id o - &u mmary 

R2(config-roi.ucr)#nctwurk 2.0.0 .0 

RZieonfig-routcr^ncighbor 10.1.1.1 remote-as 1( 
To verify the configuration: 



On kl 






Rl#Show ip 


bgp 


b Network 


Network 




Next Hop 


*> 1.0.0.0 




0.0.0.0 


*> 2.0.0.0 




10.1.1.2 


On R2 






R2?*Show ip 


bgp 


b Network 


Network 




Next Hop 


*> 1.0.0.0 




10,1 .1 J 


*> 2.0. 0.0 




0.0.0.0 



Metric LocPrf Weight Path 
32768 i 

200i 



Metric LocPrf Weight Path 
" 1001 

32768 i 



Note from R2"s perspective prefix 1.(1.(1.0/8 was originated &. advertised by AS 100, 
and from Rl's perspective, prefix 2.0.0. 0/8 was originated and advertised by AS 200. 
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Task 2 

Configure Rl in AS 111 to establish an EBGP session with R2 in AS 200 such that the 
output of the "Show jp bgp : ' command on these two routers will be identical to the 
follows: 

On Rl 



Rlf*Shipbgp 

BGP table version is 3 S local router ID is I . I . I . I 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

r RIB- tail urc, S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 

*> 1.0.0.0 0.0.0.0 32768 i 

*> 2.0.0.0 10.1. 12 (I 1(1(1 200 i 

On R2 
R2#Show ip bgp 

BGP table version is 5, local router ID is 2.2.2.2 

Status codes: s suppressed, d damped, h history. * valid, > best, i - internal, 
r RIB -tail urc. S Stale 

Metric LocPrf Weight Path 

(} " (I 1(1(1 111 i 

32768 i 



Network 


Next Hop 


*> 1.0.0.0 


1(1.1.1.1 


*> 2.0. 0.0 


0.0.0.0 



On Rl 

Rl (con fig )#ro utcr bgp 1 1 I 

Rl (config-roLitcr)#no auto-summary 

Rl (config-routcr^nctwork 1.0.0.0 

Rl (eon fig-ro titer)" neighbor 1 0. 1 . 1.2 remote- as 2(K) 
Rl(config-router)#ncighbor 10.1 . 1.2 local-as 100 

By changing the AS number of Rl to 11 1, and a "Neighbor 1(1.1.1.2 loeal-as 100" R2 
will see Rl *s real AS of 11 1 originating the route and then AS 100 was the AS that 
advertised it. Note on Rl, it shows that prefix 2.0.0. 0*8 was originated by AS 200 
but the advertising AS to Rl was AS 100. They both see 



CCtE R&*> by Narblk Kueharians Advanced CC1E R&5 VYurk Book 2.0 Page 875 of 1068 

C 2009 Narbik Kucha riant. All rig h la reserved 











this invisible AS 100. 






Task 3 

Configure Rl such that when R2 advertises network 2.0.0.0/8, the output of the "Show ip 
bgp" command on Rl is identical to the following: 

On Rl 

RI*Shipbgp 

BGP table version is 5, local router ID is 1 .1 . 1 . I 

Status codes: s suppressed, d damped, h history, * valid* > best* i - internal* 

r RlB-lkilurc* S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 

Network Next Hop Metric LocPrf Weight Path 
*> 1.0.0.0 0.0.0.0 32768 i 
*> 2.0.0.0 10.1.1.2 200 i 






On Rl 

Rl (config)#routcr bgp 1 1 1 

Rl(config-routcr)#neighboi" 10.1.1.2 local-as 10(1 no -prep end 

Note the "no-prepend'" option tells the router NOT to prepend AS 100 to the 
advertised prefixes. This xvill ONLY affect Rl's BGP table. 

On Rl 

Rl#Show ip bgp 

BGP table version is 5* local router ID is 1 . 1 . 1 . 1 

Status codes: s suppressed, d damped, h history. * valid, > best, i - internal, 

r RIB -failure, S Stale 
Origin codes: i - 1GP. c - EGP. 7 - incomplete 

Network Next Hop Metric LocPrf Weight Path 
*> 1.0.0.0 0.0.0.0 32768 i 
*> 2.0.0.0 10.1.1.2 200 i 
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On R2 

R2#Show ipbgp 

BGP table version is 7, local router ID is 222.2 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

r RIB -failure, S Stale 
Origin codes: i - IGP, c - EGP, ? - incomplete 

Network Next Hop Mark LocPrf Weight Path 
*> 1.0.0.0 10.1. 1.1 100 111 i 
*> 2.0.0.0 0.0.0.0 32768 i 






Task 4 

Configure Rl such that the output of the "Show ip tagp 1 ' command on R2 is identical to 
the following: 

On R2 

RZn'Show ip bgp b Network 

Network Next Hop Metric LocPrf Weight Path 
*> 1.0.0.0 10.1.1.1 100 i 
*> 2.0.0.0 0.0.0.0 32768 i 






On Rl 

Rl (conf]g)#routcr bgp 111 

Rlfconfig-roLitcr)#ii!ighbor 10.1.1.2 local-as 100 no-prepend replace-us 

Note the "rep lace -as"" option instincts the local router NOT to prepend the real AS 
number. 

On R2 

R2**Show ip bgp b Network 

Network Next Hop Metric LocPrf Weight Path 
*> 1.0.0.0 10.1. I.I " lOOi 
*> 2.0.0.0 0.0.0.0 32768 i 
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Task? 








Configure Rl such that R2 can establish an EBGP peer session with Rl using AS 1 1 1 or 
100. 










On Rl 










RliconfHg^routcrbgp II I 

Rl (config-router)#neighl)or 10.1.1.2 local- as 100 no -prep end re place- us dual-as 










On Rl 










Rl^Show ip bizp 










BGP tabic version is 5, local router ID is I . I . I . I 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

r RIB -failure, S Stale 
Origin codes: i - IGP. c - EG P. ? - incomplete 










Network Next Hop Metric LocPrl'W eight Path 
*> 1.0.0.0 0.0.0.0 32768 i 
*> 2.0.0.0 10.1.1.2 200 i 










On R2 










R2#Show ip bgp 










BGP table version is 13, local router ID is 2.222 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
r RIB -failure, S Stale 










Origin codes: i - IGP, c - EGP, 7 - incomplete 










Network Next Hop Metric LocPrf Weight Path 
*> 1.0.0.0 10.1.1.1 100 i 
*> 2.0.0.0 0.0.0.0 32768 i 










Note the current configuration of Rl is as follows: 










On R2 










R2#5how run b muter bgp 200 
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router bgp 200 

no synchronization 

bgp 3og-ncighbor-changcs 

network 2.0.0.0 

neighbor 10.1. 1.1 remote- as 100 

no auto- summary 

Note its establishing a peer session with Rl using AS 100, the following verifies that 
R2 can also establish a peer session with Rl using AS 1 1 1: 

On R2 

R2iconfig)#rautcrbgp 200 

R2 ico n fig-ro li tcr )#no a ut o - su mmary 

R2iconfig-routcr)?i ! nct\v 2.0. 0.0 

R2f con fig -router) # neighbor 1(1.1.1.1 remote- as 111 

To verify the configuration: 

On R2 



R_"Show ip bjjp 



i ■» ■» i 



BGP table version is 3, local router ID is 2 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

r RIB -failure, S Stale 
Origin codes: i ■ 1GP, c - EGP, 7 • incomplete 

Network Next Hop Metric LocPrf Weight Path 

*>L0.0.0 10.1.1.1 llli 

*> 2.0.0.0 0.0.0.0 32768 i 

Note the ONLY difference here is the AS that originated and advertised 1.0.0.0/8 
prefix. 



Task 6 

Erase the startup configuration and reload the routers before proceeding to the next lab. 
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Lab 22 -BGP Allow-as 



AS 200 



AS1QQ\ / 







. AS 100 , 



-- 



Lab Setup: 

■ Configure Frame-relay on Rl . R2 and R3; this configuration should be done 
directly under the main interface. R2 and R3 should have a static Frame- re lay 
mapping to R! and R! should have static frame-relay mapping to R2 and R3. 

• RlPv2 should be used to provide XLR] 

■ Con figu re the F Q' in tcrtace o f R2 and R4 in V L A X 24 

■ Configure the FQ'O interface R3 and R5 in VLAX 35 

• Use the following chart for IP addressing and AS assignment. 



CCIE R&«* b) Narbik KuiharLanS Adx aniTL-d CC1E R&S VYurk Book 2.0 

C 2009 Vnrhik Kucha riant. All righU raerved 



Page M0 of 1068 



II* ml tiffs sing & AS assignment: 



Ku liter 


Interface '' IP address 


AS number 


R] 


S0 = 10. 1. 123.1 '24 


200 


R2 


SO 0= 10.1.123.2 "»4 
FO/0= 10.1.24.2 24 


200 


R3 


S0/0 = 10. 1.123.3 '24 
FO/0 = 10.1.353/24 


200 


R4 


FO = 10.1.24.4/24 
Lo0 = 4.4.4.4/8 


1 00 


R5 


FO/0 = 10.1.35.5 ,'24 
Lai =5.5.5.5 /8 


100 



Task I 

Configure the routers according to the above diagram; if this configuration is performed 
Successfully all routers should have network 4.0.0.0 /8 and 5.0.0.0 /8 in their BGP and 
routing table. 



On RI 




R 1 (con fig )#ro Liter bgp 200 




R 1 (confag-routcr)r*ncighbor 


1 0. 1 . 123.2 rcrnotc-as 200 


R 1 (config-roLitcr)#ncighbor 


10.1.123.3 rcmotc-as 200 


On R2 




R2 (con fig'^ro utcr bgp 200 




R 2 (c o n fig-ro u tcr)#ncig hb a r 


10.1.123.1 remotc-as200 


R2 (c o n fig-ro a ter)#ncig hb p r 


10.1.123.3 rcmotc-as 200 


R2 (co n fig-ro Liter) "ncig hbo r 


10.1.24.4 rcmotc-as 100 


On R3 




R3(config)#routcrbgp 200 




R 3 (c o n fig-ro li t cr)# ncig hb o r 


10.1.123.1 rcmotc-as 200 


R 3 (c o n fig-ro u t cr)#ncig hb o r 


10.1. 123.2 rcmotc-as 200 


R 3 (c o n fig-ro li t cr)#ncig hbo r 


10.1.35.5 rcmotc-as 100 


On R4 




R4(c: on fig-ro Liter bgp 1 00 
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R4 (co n fig-ro li ter)#ncig hbo r 1 . . 1 . . 24 . 2 rcmo tc- as 20 
R4f'con%-rontcr)#nctwork 4. 0.0 .0 

On R5 

R5(config)#rautcrbgp 100 

R5(OOnfig-ronler)#iieigM>or 10.1.35.3 rcmotc-as 200 
R5 (co n fig-ro u t cr)#nctwo rk 5.0.0.0 

To vL'rifv thu configuration: 
On RI 



Rl#Showjp_bgg b Network 

Network Next Hop 

*>i4 .0.0.0 10.124.4 

*>i5. 0.0.0 10.1.35.5 

On R2 

R2#Show ip bgp b Network 

Network \l'\i. 1 lop 

*> 4.0.0.0 10.1.24.4 

*>i5 .0.0.0 10.1.35.5 

On R3 

R3#Show ip bgp b Network 

Network Next Hop 

*>i4 .0.0.0 10.L24. 4 

*> 5.0.0.0 10.1.35.5 

On R4 

R4*Show ip bgp : b Network 
Network Next Hop 

*> 4.0.0.0 on on 



Metric LocPrf Weight Path 
100 OlOOi 

o i no oiooi 



Metric LocPrf Weight Path 
01 00 i 

100 OlOOi 



Metric LocPrf Weight Path 
100 OlOOi 

OlOOi 



Metric LocPrf Weight Path 
32768 i 



»ote R4 does. NOT have prefix 5.0.0.0 /S in its rem ting table, the question is did 
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R2 Lich ertise that prefix to R4? The output of the following show command can be 
used to verify: 

On R2 

R2#Show ip bgp neighbor 1 0. 1.24.4 advertised -routes b Network 

Network Next Hop Metric LocPrf Weight Path 

*>i5.0.0.0 10.1.35.5 100 100! 

Total number of prefixes 1 

Note R2 has advertised prefix 5.0.0.0 .'8 but this prefix came from AS 100 and since 

R4 is in the same AS (AS 100), it will discard that prefix, this is done by BGP as loop 

avoidance. 

To fix this problem, R4 should be configured to allow prefix/es that have its own AS 

number in its AS, this is accomplished using the following configuration: 

On K4 

R4 (co n figj# ro u t cr bgp 100 
R4(config-routcr)r*neighbor 10.1.24.2 allow as-in 

To verify the configuration: 

On K4 

R4#Shgw ip bgp b Network 

Network Next Hop Metric LocPrf Weight Path 

*> 4.0.0.0 0.0.0.0 32768 i 

*> 5.0.0.0 10.1.24.2 200 100 i 

R4^Sho\v ip route 1 Inc B 

Codes: C - connected, S - static, R- RIP, M - mobile, B - BGP 
B 5.0.0.0/8 [20 OJ via 10. 1.24.2, 00: 1 6:20 

Note prefix 5.0.0.0 '8 is in R4*s BGP and routing table with AS number that 

matches its own. 

Since R5 has the same problem, it should also be configured the same way. 

To verify R5's BCP titbit* be tort* configuration: 



CCIE R&*> b) Nartrik KueharianS Advanced CCIE R&S Work Book 2.0 Page 883 of 1068 

C 2009 Narbik Kucha rinm. All rijjlili reserved 



On K5 

R5f*Sho\v ip bgp i b Network 

Network Next Hop Metric LocPrf Weight Path 

*> 5.0.0.0 0.0.0.0 3-2768 i 

Note once again prefix 4.0.0.0 /8 is missing. 
I 'o fix the problem: 

On R5 

R5(config)#routcrbgp 100 

R5 (eon fig-r o u t cr )P nei g h b o i" 1 . 1 .3 5 .3 a I It w a s - in 

In verily the configuration: 

On R5 

R5~Show ip bgp b Network 

Network Next Hop Metric LocPrt" Weight Path 

*> 4.0.0.0 10.135.3 0200100 

*> 5.0.0.0 0.0.0.0 



Task 2 

Erase the startup configuration and reload the routers before proceeding to the next lab. 
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Lab 1 - PBR based on Source IP address 




192.168.12.0/24 



L.alt Setup: 

> Configure the frame-relay connection between Rl and R2 in a point to point 
manner. 

> Configure the F0/0 interlace of Rl and R2 in VL AN 1 2. 

f" Use the IP addressing chart for IP assignment. 

> Configure Rl Pv2 to provide XLR1 
II* addressing: 



Router 


Interface 1 P address 


Rl 


SO 0.12 =10.1.12.1,24 
LoopbackO =1.1.1.1 ^4 
Loopbackl = 100. 1.1.1 ,24 
F0 = 192. 168. 12.1 ,'24 


R2 


SO/0.21 =10.1.12.2/24 
LoopbackO =2.2.2.2 ,'24 
Loopbackl =200.2.2.2/24 
FOO = 192.168.12.2 '24 
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Task 1 

Rl should be configured based on the following policy: 

Traffic sourcing from 1.1.1.1 .'24 should use the frame-relay connection, whereas, traffic 
sourcing from 100.1.1.1 .'24 should take the F0/0 interface. 



STEP 1 

The following configuration identifies the source IP addresses of 1.1.1.1 and 
100.1.1.1: 

On Rl 



Rliconfig^Access-list 1 permit host 1.1.1.1 

Rl(config)#AcceSs-list 2 permit host 100.1.1.1 

STEP! 

The following configuration, defines the actual policy using a route-map: 

Rl(config)#Routc-map 1ST permit 10 
Rl(config-routc-map)" Match ip address 1 
Rlfconfig-routc-mapJrrSet interface SO/0.12 

Rl (config')#Routc-map TST permit 20 
Rl(conf1g-routc-map)"Match ip address 2 
Rl(config-routc-map)r*Set interface F0/0 

Rl(config)#Ro utc- map 1ST permit 30 

STEP 3 

In this step policy muting is enabled on the router, the following command 
enables the router to policy route packets that are sourced by the local router: 

RI(config)#lp local policy route-map TST 

To test the configuration: 



On Rl 



Rl "Debug in noiicv 
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Rl^Ping 2.2.2.2 source 1.1.1.1 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 2.2.2.2 r timeout is 2 seconds: 

Packet sent with a source address of 1.1.1.1 



Success rate is 100 percent (5/5), round- trip min/avg'max= 56/57/60 ms 

IP: s=l . 1. 1. 1 (local), d=2.22.2> len 100, policy match 

IP: route map TST, item 10, permit 

IP: s=l. 1.1.1 (local). d=2.2.2.2 ( SeriJlft/0.12) . ten ]00 ; policy routed 

(The rest of the output is omitted) 

Rl^Ping 2.2.2.2 source 100.1.1.1 Route-map item 10 

Route-map item 20 
Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echosto 2.2.2./;' timeout is 2 seconds: 
Packet sent with a source address of 100, 

Success rate is 100 percent (5/5), pound-trip min/avg'max = 1/2/4 ms 

IP: s=l 0G.1 .1.1 (local), (HL2J2, len 100, policy match 

IP: mute map TST, item 20, permit 

IP: 5=100.1.1.1 (local), d=2.2.2.2 (FastEtliernetO/0) ; len 100, policy routed 

IP: local to FastEthemetU 192.168.122 

IP: s=l 00.1. 1.1 (local), d=2.2.2.2, 3cn I00 r policy match 

IP: route map TST, item 20, permit 

Note so Far item 10 and 20 in the route-map has been matched in the output of 
the debug, the following Ping will match item 30 of this route-map: 

Rl^Ping 2.2.2.2 source FO/0 

Type escape sequence to abort. 

Sending 5. 100-bytc ICMP Echosto 2.2.2.2. timeout is 2 seconds: 

Packet sent with a source address of 192.1 68.12.1 
mil 

Success rate is 100 percent (5/5), round- trip min/avg'max = 4/4/8 ms 

IP: 5=192.168.12.1 (local), d=2.2.2.2, len 100, policy match 

IP: route map 1ST, item 30, permit 

IP: s=l 92.1 68.1 2.1 (local), d=2.2.2.2, len 100, policy rejected - normal forwarding 

Note the actual policy was rejected because it was routed using the routing table. 
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Task 2 

Reconfigure Rl based on the following policy: 

3* The co mmu mention from host 1 .1.1.1 and 2.2.2.2 should traverse through the 
frame- relay connection. 

> The communication from host 1.1.1.1 and 200.2.2.2 should traverse through the 
FQ interface. 

> The CD m mu n icat k) n fro m ho st 100.1.1. 1 and 20 0.2.2.2 sho u Id trav crsc thro ugh 1 he 
frame-relay connection. 

J*' The communication from host 100.1.1.1 and 2.2J2.2 should traverse through the 
F0 interface. 



Enter the I'oULAvinu commands to reinoM' tin. 1 configuration from the previous step: 

RI(config)#NO access-list 1 
Rl{oomfig)#NO access-list 2 
Rl (config')#NO route- map TST 

DO NO 1 remove the "Ip local policy route-map 1ST'' 

To configure Uil 1 neu access-lists: 

Rl (config')#ip access-list extended HI -2 
Rl(config-cxt-nacl)#pcrmit rp host 1.1.1.1 host 2.2.2.2 

RI(config)#ip access-list extended HI -200 

Rl (config-cxt-nacD^pcrmit ip host 1 . 1 . 1 . 1 host 200.2.2.2 

Rl (config^ip access -list extended HI 00-20(1 
Rl(config-cxt-nacl)#pcrmit ip host 100.1.1.1 host 200.2.2.2 

Rlfcunfig)#ip access-list extended HI 00-2 

Rl (config-cxt-nacl)#pcrmit ip host 100. 1.1.1 host 2.2.2.2 

To configure the neu route-map: 

RI(config)#roLitc-map TST [Term it 10 
Rl(conf]g-routc-map)"match ip addr Hl-2 
R 1 (conf]g-routc-map)f#sct interface S0/0.1 2 

Rl (config)#routc-map TST permit 20 

R 1 (co n fig-ro u t c- map )# mate h ip add r H 1 - 20 

Rl (conf]g-routc-map)^sct interface FQ 
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Rl (con fig )#ro uto map TST permit 30 

R 1 ico n fig-route- map ^rnatc b ip addr H 1 0(1-200 

RI (config-routc-map)#sct interface SO/0. 12 

Rl (configure Lite- map TST permit 40 

R I (config-rcnitc-rnap)#match ip addr HI 00-2 

R I (config-routc-map)#sct interface FQ 

R 1 (co n fig)#ro ut c- map TS T perm it 5 
To test the configuration: 
On Kl 

Rl^Ping 2.2.2.2 source 1.1.1.1 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 2.2.22,, timeout is 2 seconds: 

Packet sent with a sou re c address of 1.1.1.1 



Success rate is 100 percent (5/5), round -trip min.'avg'max = 56/58/60 ms 

IP: 5=1.1.1.1 (local), 6=2222, ten 100, policy match 
IP: route map TST, item 10, permit 

IP: s=l.l.Ll (local), d=2.2.2.2 (SerialO/0.12), len 100, policy routed 
IP: local to SerialO/0.12 10.1.12.2 

RlsPing 200. 2. 2.2 source 1.1. 1.1 

Type escape sequence to abort. 

Sending 5 r 100-bytc ICMP Echos to 200.2,2.2, timeout is 2 seconds: 

Packet sent with a source address of 1. 1.1.1 



Success rate is 100 percent (5/5),, round-trip min/avg/max = 28/30/32 rns 

IP: s=l. 1.1.1 (local), d=200.2.2.2, len 100, policy match 
IP: route map TST, item 20, permit 

IP: s=l. 1.1.1 (local), (1=200.2.2.2 ( Fa stE t h em etO 0), len 100, policy routed 
IP: local to FastEthemetO/0 192.168.12.2 

Rl*Ping 200.12.2 source 100.1.1.1 

Type escape sequence to abort. 

Sending 5. 100-bvtc ICMP Echos to 200.2.2.2. timeout is 2 seconds: 
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Packet sent with a source address of 100.1. 1.1 



■ MM 



Success rate is 100 percent (5/5), round-trip min/avg/max = 52/53/56 ms 

IP: s=l 00.1. 1.1 (local), d=200.2.2.2, len 100, policy match 

IP: route map TST, item 30, permit 

IP: 5=100.1.1.1 (local), d=200.2.2.2 (SerialO/0.12), len 100, policy routed 

IP: local to SerialO/0.12 10.1.12.2 

Rl#P_jng 2.2.2.2 source 100. 1.1.1 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echosto 2.2.22, timeout is 2 seconds: 

Packet sent with a sou re c address of 1 00.1. 1. 1 



Success rate is 100 percent (5/5), round -trip min/avg/max = 1/2/4 ms 

IP: s=l«0.1.1.1 (local), d=2.2.2.2, len 100, policy match 

IP: route map TST, item 40, permit 

IP: s=100.1.1.1 (local), d=2.2.2.2 (FastEthemetO 0), len 100, policy routed 

IP: local to FastEthernetO 192. 16S. 12.2 

RlgPjng 2.2.2.2 source F0.0 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echosto 2.2.22, timeout is 2 seconds: 

Packet sent with a source address of 192.168.12.1 



Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms 

IP: s=192.168.12.1 (local), d=2.2.2.2, len 100, policy match 

IP: route map TST, item 50, permit 

IP: 5=192.168.12.1 (local), d=2. 2.2.2, len 100, policy rejected - normal forwarding 



Task 3 

Remove all access-lists and the route-map from R! before proceeding to the next task. 



On m 










Rl{config)#NO 


■P 


access -I 


i st extended HI- 


■2 
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Rl{ccmfig)#NO ip access -list extended HI -200 
RUconfig'^NO ip access -list extended HI 00-200 
Rl(config)#\0 ip access -list extended HI 00-2 

Rl{ccmfig)#NO route- map TST 



To vL'rit'v thf cunfiauratinn: 



On Rl 

Rl#Show access-list 

R 1 jj S ho w ro u t c- map 

Rl^Show ip route rip 

2.0.0.024 issubnetted, I subnets 
R 2.2.2.0 1120/11 via 192.168.12.2,00:00:1 1, FastEthcrnctO'O 

1120/11 via 10.1.12.2,00:00:21, ScrialO/0. 1 2 
R 20 . 2. 2. 0/24 1 1 2 0/ 1] via 192.168.12 .2 , 00 : : 1 1 , Fast E thcrnctO ,' 

1 120/1) via 10. 1.12.2, 00:00:2 UScrialQ'0. 12 
On R2 

R2**Show ip route rip 

1 .0.0.0 24 is sub net ted, I subnets 
R 1. 1 .1 .0 1 120/1] via 1 92. 1 68. 12.1, 00:00: 1 8, FastEthernctO 
1 120/1 1 via 10.1 . 12. 1, 00:00:02, ScrialO/0.2 1 
100.0.0.0 24 is sub netted, 1 subnets 

R 100.1.1.0 |120/1| via 192. 168.12.1, 00:00:18, FastEthcrnctO/0 
1 12(1' 11 via 10.1.12.1, (K): 00:02, Serial 0/0. 2! 



Task 4 

Conf.iiurc Rl based on iIil 1 Ib'.'.ov. :n^ policy: 

> If the size of the packet's is up to 250 Bytes, they should traverse through the 
Frame -relay c \o ud. 

> If the size of the packet's is between 25 1 - 1 500 Bytes, they should traverse 
through the F0. interface. 



CCIE R&i S bj N ar Ink Ku char ia M Adv anted CC1 E R& S Wo rk Boo k 2 .0 Page 892 of 1068 

C 2009 Vnrhik Kurhn riant. All rqjhu raerved 



On Kl 

R 1 (con fig)# Ro u t c- map T ST per i 

Rl (config-routc-map)?* Match length 250 

Rl ico n fig -route- map )# Set ip next-hop 10.1.12.2 

Rl(config)#Routc-map TST per 20 

R 1 (co n fig-ro n tc- map )#M ate h length 2 5 1 15 00 

R](config-routc-map)#Sct ip next-hop 192. 168. 122 

Rl (co ntlg)f# Route- map TST per 30 

To test the configuration: 

On kl 

Rl*P;ng -.2.2.2 source 1.1 .1.1 size 249 

Type escape sequence to abort. 

Sending 5, 249-hyte I CMP Ethos to 2.2,2.2. timeout is 2 seconds: 

Packet sent with a source address of 1.1.1.1 



Success rate is 100 percent (5/5), round-Lrip min.'avg'max = 76/76/77 ms 

IP: 6=1,1.1.1 (local), d=2.2.2.2, len 249, policy match 
IP: route map TST, item 10, permit 

IP: s=l. 1.1.1 (local), d=2.2.2.2 (SerialO/0.12), len 249, policy routed 
IP: local to Serial 0/0. 12 10.1.12.2 

Rl#Pina 2.2.2.2 source 1.1.1.1 size 251 



Type escape sequence to abort. 

Sending 5, 251-byte I CMP Echo* to 2.2.2.2, timeout is 2 seconds: 

Packet sent with a source address of 1. 1 .1 . 1 



Success rate is 100 percent (5/5), round-trip min.'avg'max = 64/64/65 ms 

IP: s=l. 1.1.1 (local), d=2.2.2.2, len 251, policy match 

IP: route map TST, item 20, permit 

IP: 5=1.1.1.1 (local), d=2.2.2.2 (Fast Ethernet 00), len 251, policy routed 

IP: local to FastEthernetO 192.168.12.2 
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Rl^Ping 2.2.2.2 source 1.1.1.1 size 1501 

Type escape sequence to abort. 

Sending 5, 1501-byte ICMP Echo* to 2.2.2.2, timeout is 2 seconds: 

Packet sent with a source address of 1.1.1.1 



Success rate is 1(10 percent (5/5), round-trip min/avg'max = 344/346/349 ms 

IP: S=l.l.l.l (local), d=2.2.2.2, len 1501, policy match 

IP: route map TST, item 30, permit 

IP: 5=1.1.1.1 (local), d=2.2.2.2, len 1501, policy rejected — normal forwarding 

IP: S=l. 1.1.1 (local), d=2.2.2.2, len 1501, policy match 

IP: route map TST, item 30, permit 



Task 5 

Remove the route- map from the previous step before proceeding to the next task. 



On kl 

Rl (config)#NO route- map TST 

To verify the configuration: 
On kl 

Rl#Shfl w ro u t c- map 
Etl* 



I ask 6 

Re-configure Rl based on the following policy: 

)•> All packets from any IP address destined to port 80 (HTTP) should traverse 

through the frame-relay cloud. 
> All packets from any IP address destined to port 23 (Telnet) should traverse 

through port FO.'O. 
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On Kl 

To aiiifi^uri' tin. 1 ace ess -lis Is lor id en lifting the traffic: 

Rl(config)#ip access-list extended HTTP 
Rl(config-cxt-nacl)#permit tcp any any cq SO 

Rl(config)#ip access-list extended TELNET 
Rl (co ntig-cxt-nacl ^permit tcp any any cq 23 

To fgjjj figure the route- map lor the policy: 

Rl(contig)Ti ! routc-map 1ST permit 10 

Rl( co n fi g- route- map )# match ip addr HTTP 

R I (con fig- route- map)?* set interface SO/0. 12 

Rl(config)#routc-map 1ST permit 20 

R I (co n fi g- route- map )# match ip addr TELNET 

R Ifconfig- route- map )# set interface F0/0 

Rl(config)#routc-map 1ST permit 30 



To test the configuration 



On Rl 



RI*Tclnct200. 



SO 



Trying 200.2.2.2, 80... Open 

IP: s=192. 168. 12.1 f local), (1=200.2.2.2, len 44, policy match 

IP: route map TST, item 10, permit 

IP: s= 192.168. 12.1 (local), 0=200.2.2.2 (SerialO. 0.12), ten 44, policy routed 

IP: local to SerialO/0.12 10.1.12.2 

Rl^telnct 2.2.2.2 

Trying 2.2.2.2 ... Open 

Password required;, but none set 

IP: s=192.168.12.1 (local), d=2.2.2.2, len 44, policy match 

IP: route map TST, item 20, permit 

IP: s=192. 168. 12.1 (local), d=2.2.2.2 (Fast Ethernet 0/0), len 44, policy routed 
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IP: Local to F as tE the met (10 1 92.1 6S.1 2.2 




RI*Tclnct 2.2.2.2 8000 




Trying 2.2.2.2,8000... 




% Connection refused by remote host 




IP: s=l92. 168. 12.1 (local), d=2.2.2.2, len 44, policy match 




IP: route map 1ST, item 30, permit 




IP: 5=192.168.12.1 (lotah, d=2.2.2.2, len 44, policy rejected - 


- normal forwarding 



Task 7 

Erase the startup configuration and reload the routers before proceeding to the next lab. 
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FCLO.24 

10.1.24.2/24 



FO/0.12 

10.1.122/24 




FQO.23 

10.1.232/24 



La: 



LoC 




Trunk 



LcO 



FOrtJ 

10.1.12.1/24 




R? l -1 

10.123J/24 



hS re/a 10.1244/24 




Lab Setup: 

> Configure the FOG interface of R2 as a tmnk providing routing for VLANs 1 2, 23 

and 24. 

> R l : s FO/0 interface should be configured in VLAN" 1 2. 

> R3's FO/0 interface should be configured in VLAN 23. 

> R4's FO. interface should be configured in VLAN 24. 

> L'sc the IP addressing chart below for IP assignment. 
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VageS9Hofl06H 



IP addressing: 



Router 


Interface/ IP address 


Connecting to: 


R2 


FO/0.12 = 10.1.12.2 24 
F (I/O .23 =1(1.1.23.2/24 
FO/0 .24 =1(1.1.24.2/24 
LoO =1(1.1.1.2/32 


Rl-sFO/0 
R3*S FO/0 
R4*s FO/0 


Rl 


F0 =10.1.12,1/24 
LoopbackO = 1 .1.1.1 ,32 


R2 ! sF0 0.12 


R3 


FO/0 =10.1.23.3/24 
LoopbackO = 10.1.1.3 .02 


RTs FO/0. 23 


R4 


FOG =1 0. 1 .24.4 .'24 
LoopbackO =10.1.1.4/32 


R2 ! s FO/0. 24 



Task I 



Configure the link between R2 and R3 to be in OSPF area 0. Configure LoO interface of 
R3 in area 2. Do not use the network command to accomplish this task. 



On \U 

R2(config)#int fO'0.23 

R2( con fig-sub if)#ip ospf 1 area 

On K3: 

R3(eontig)#int ffl/0 

R3i config-it)#ip ospf 1 area 

R3(config-if)#int Io0 
R3(config-if)#ip ospf 1 area 2 

Note when running OSPF on a given interface by using the interface configuration mode 
command, the IDS starts the OSPF process automatically: 

R3#Sh run S routcrospf 1 

router ospf 1 

k) g- adjac enc y-c ha nges 
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To verify the ctinfimiration: 

R2 should see R3"s Loll as "O I A" route in its muting table 

On R2 

R2#sho\v ip route ospt ' 

10.0.0.0/8 is variably subnettcd. 5 subnets. 2 masks 
I A 10.1.1 J/32 111(1/21 via 10.1.23.3, 00:00:37, FastEthemetO/0.23 



Task 2 

Add the following Loopback interfaces to R3: 

• Lo3l: 192.168.31.3/24 

• Lo32: 192.168.32.3/24 

• Lo33: 192.168.33.3 24 

Redistribute Lo31 and Lo33. Do not redistribute Lo32 into OSPF. Do not use "access- 
list" or "prefix-list** to accomplish the task. 



The first step in resolving this task is to configure the loopback interfaces on R3, as follows: 
On K3 

R3i;config)#int la 31 

R3(config-if)#ip addr 192.168.31.3 255.255.255.0 

R3i;coniig-if)#int \o 32 

R3i;config-if)#ip addr 192.168.32.3 255.255.255.0 

R3(config-if)#int Ic 33 

R3i;config-if)#ip addr 192.168.33.3 255.255.255.0 

Since using "access-lists" or "prefix-lists" is not allowed, a route-map is configured and the 
required interfaces are matched using the "match interface" option in the "route-map" 
configuration mode. 

Note the task states that Lc>32 should NOT be redistributed, therefore, the "route-map" 
could be configured to deny Lo32 and permit the rest of the networks, or the "route-map'" 
could simply permit the Lo31 and Lo33 interfaces and deny Lo32 from being redistributed. 
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Once the "route-map" is configured, its referenced in the "redistribute connected" 
command in the muter configuration mode, as follow s: 

On K3 

Option 1 1 

Note in the following option ONLY "Lu32" is denied, if "mute-map 1ST permit 90" is not 
configured, the rest of the interfaces will also he denied from being redistributed, because 
there is an invisible implicit deny all statement at the end of even "mute-map", therefore, 
the "route-map TST permit 90" is configured to permit the rest of the interfaces. 

R3i con fig)#ro Lite- map TST deny 10 

R3( co nfig-ro Lite- map )# match interface Lo32 

R3(config)#rautc-map TST p.i ir i 90 

Option 2: 

Note the following option is more specific and it should be used in this configuration. This 
option is more specific because it will not redistribute future directly connected mutes in 
this process. 

R3(config)#roLitc-map TST permit 10 

R3( co n fig -ro Lite- map) ** match interface Lo31 Lo33 

In the final step the connected interfaces that are referenced in the "route-map" are 
redistributed, as follows: 

R3(co nfig-ro Lite- map. ^router ospl" I 
R3(coniig-roLitcr)#rcdistribLitc connected subnets route-map 1ST 

The "subnets" keyword is required or else ONLY' the classful networks are redistributed. 

To verify the configuration: 

On R3 

R3r*Show ip ospfda external anc Link State ID 

Link State ID: 192.1 68 J 1.0 (External Network Number) 
Link State ID: 192.168.33.0 (External Network Number ) 

On R2 
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R_"Sho\v ip route ospf . lnc E2 

O E2 192.168.31.11/24 [110/20] via 10.1.23.3, 00:07:34, FastEthcrnctO/023 
O E2 I92.168.33.W24 [110/20] via 10.1233,00:07:34, FastEthcrnctO 0.23 



Task 3 

Configure R1P\2 between R2 and R I. 

On R2, redistribute OSPF routes to RIP. 

Rl should not use the route to R3'sLo33 in its routing table. Do not use "distribute- list*' 

or "offset- list" to accomplish the task: R2 is not allowed to filter any redistributed route 

from OSPF to RIP. 



The first step is configure RlPv2 on both Rl and Rl: 

On R2 

R2(config)#routcr rip 

R2(config-routcr)#vcrsion 2 

R2( config-routcrirrno auto-s ummary 

R2i co n tig-ro uterWnct 1 .0 . 0. 

R2f con fig-rout cr)#Passivc-int crtacc FQ0. 23 

R2( config-router)#Passivc-int crfacc FQ'0.24 

Note in the above configuration the "Passive- interlace" commands are required because the 
task requires RIPv2 to run between Rl and R2: the "Passive- interface" commands turn the 
specified interfaces into receive-onk mode. 

On Rl : 

Rl( con fig)* router rip 
RI(config-routcr)#vcrsion 2 
R I ( config-rout crj^no auto-summary 
R 1 ( config-routcr)#nct 1 0.0. 0. 

To verify the confiyuratiun: 



On R2 



R2"Sho\v ip route rip 
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10.0.0.0/8 is variably subncttcd. 6 subnets, 2 masks 
R 10.1.1.1/32 1 120/1] via 10.1.12.1, 00:00:05, FaslEthernelO/0.21 

In the second step OSPF is redistributed into RIP on R2: 

On R2 

R2iconlig )r#ro Liter rip 
R2(coniig-roLitcr)r*redistribute ospf 1 

To verify the configuration: 
On kl 

Rlrrsh ip route rip 

10.0.0.0/8 is variably subncttcd, 5 subnets. 2 masks 
R 10.1.1.2/32 [120/1 J via 10.1.12.2, 00:00:01, FastEthcrnctOO 
R 10.1.24.0/24 [120/1 J via 10.1.12.2, 00:00:01, FastEthcrnctOO 
R 10.1.23.0/24 [120/1] via 10.1.12.2,00:00:01, FastEthcrnctO 

Vile Lot). Lo31 and Lo33 of R3 arid NOT in tin; routing table of Rl : onlj R2"s interfaces arc 
redistributed. 

One of the biggest problems of redistribution is that each mutiny protocol has its own 
metric: 

• RIP : hop count 

• E1GRP : composite of bandwidth, delay, reliability, load and MTU 

• OSPF : Cost which is based on bandwidth 

When redistributing from OSPF into RIP muting protocol, what should be the metric? 
Well. ...there are many choices, and some of them are as follows: 

• The metric can be configured such that it applies to all existing and future 
redistributed routes. 

• The metric can he set separately on each configured redistribute command. 

• The metric can be set based on usage of a "route-map". 

One notable exception is directly connected routes, which RIP applies a default metric of 0. 

To correct the problem, a metric of 3 is assigned to the OSPF routes redistributed into 
RIPv2, as folio wS: 
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On R2 

R2(config)#rautcr rip 
R2(config-routcr)r*redistribute ospf 1 metric 3_ 



To verity tht 1 configuration: 



On Kl 

RI#Sh ip route rip 

R 192.1 68.3 1 .0/24 [ 120/3 j via 10. 1. 1 2.2 , 00:00: 1 1 , FastEthcrnctO 

10.0.0.0/8 is variably subnettcd. 6 subnets, 2 masks 

R 10.1.1.2/32 [120/1] via 10.1.12.2, 00:00:11 , FastEthcrnctO 

R 10.1.1.3/32 [120/3] via 10. L 122, 00:00:1 1, FastEthcrnctO 

R 10.124.0/24 [120/1] via 10.1.12.2, 00:00:11 , FastEthcrnctO'O 

R 1 0. 1.23. 24 1 120/ 1 J via 1 0. 1 . 1 2.2, 00:00: 1 1 , FastEthcrnctO 

R 192.1 68.33.0/24 [ 120/3J via 10. 1. 1 2.2, 00:0tt 1 1 , FastEthcrnctO'O 

The output of the above show command verifies that all OSPF routes have been 
redistributed into RIPv2 on Rl: the last step of this task requires filtering of R3's Lo33 
(192.1 6833.0/24), remember that the use of "distribute- list" or "Offset-list" is not allowed, 
therefore, a "route-map" is used to set the metric of interface Lo33 tti infinity: this will 
cause Rl to poison that route. 

The steps required to configure this task are as follows: 

• A "prefix-list" is configured to identify the IP address of R3"s Lo33 

• A "route-map" is configured, the "prefix-list" from the previous step is referenced, 
and a "set metric 16" is configured to set the metric to infinity 

• The redistribution is reconfigured to reference the "route map" 

On R2 

The first Step: 

R2(config)#ip prefix-list Lo33 permit 192.168.33.0/24 

T3ic hjjci.md stup: 

R2fconfig)#raLitc-map TST 10 

R2i 'config-routomapi^match ip address prefix-list Lo33 

R2(conf]g-routc-map)r*set metric 16 

R-fcontig-roLitc-map.'ifrrGutc-map TST 20 
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TIil 1 third and the Una I step: 

R2( co n iig-ro ut c- map )# ro til cr rip 
R2(contig-romcr)#rcdi5tributco£pf 1 metric 3 route-map TST 

To verify the configuration: 

On Kl 

RljShow ip route Inc 192. 168.33.0 

Note the Lo33 of R3 is. no longer in the routing table 

R Is Show ip route rip 

R 192.1 68.3 1 .0/24 [120/3] via 1 0. 1 . 1 2.2, 00:00: 18, FastEthcrnctO 

IO.O.O.G'8 is variably subnetted, 6 subnets, 2 masks 
R IOl 1.12/32 [120/1] via 10.1.12.2, 00:00: 18, FastE thcrnctO/0 
R 10. 1 .1 .3/32 [ 120/3] via 10. 1. 12.2, 00:00: 1 8, FastE thcrnctO 
R 10.1.24.0 24 [12071 J j via 10.1.12.2,00:00:18, FastEthcrnctO 
R 10.123.0/24 [120/1] via 10.1.12.2, 00:00:18, FastEthcrnctO 

Rift debug ip rip 

RIP: received v2 update from 10. 1.12 2 on FastEthcrnctO 
10. 1.1 2/32 via 0.0.0.0 in 1 hops 
10. 1 . 1 .3 32 via 0.0.0.0 in 3 hops 
10.1.23.0724 via 0.0.0.0 in 1 hops 
10. 1 .24.0 24 via 0.0.0.0 in 1 hops 
1 92. 168.3 1.024 via 0.0.0.0 in 3 hops 
192.ltifl.33.W24 via D.O.0.0 in 16 hops (inaccessible) 

Note Rl receives R3*s Lo33 with a metric of 16 and since R1F lias a maximum hop count of 
15, this route is inaccessible. 



Task 4 

Add the following loopback interfaces to Rl and R3: 

• Rl: Lol3: 192.168.13.1/24 

• R3: Lol3: 192.168.13.3 24 
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Advertise Rl's LoI3 into R1P\2 routing protocol; R3's Lol3 should be configured in 
OSPF area 2 and advertised with its correct mask. 

Configure E1GRP adjacency between R2 and R4, these routers should be configured in 
Eigrp AS 100. Ensure that R2's routing table resembles the following; the composite 
metric can be any value: 

Rl^Slum in route i'h.zrp 

10.0.0. 0/8 is variably suhnetted, ? subnets, 2 masks 

DEX 10.1.1.4/32 

1 170/15616()| via 10.1.24.4. (H):0 0:52, Fast Ethernet 0/0. 24 

Redistribute RIP into E IGRP. Ensure that R4 installs a route tor network 1 92. 168. 1 3.0/24 
into its routing table. 



The first step: 

Configuring a loophack 13 interface on Rl and another on R3: 

On Rl 

Rl(config)#int lo 13 

Rl(config-if)#ip addr 192.168.13.1 255.255.255.0 

On K3: 

R3i;config'^int k) 1 3 

R3iconfig-if)#ip addr 192.168.13.3 255255.255.0 

Second step: 

Adding luopback 13 to OSPF area 2: 

On R3 

R3(config-routcr)#int lo 13 
R3( config-if)#ip ospf 1 area 2 

On j3 

R3#Show ip ospf interlace Ioopbackl3 

Loopback 1 3 is up. line protocol is up 
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Internet Address 192.168.1 3.3 24, Area 2 

Process ID 1, Router ID 10.1.1.3, Network Type LOOP BACK, Cost: 1 
Enabled by interlace con fig, including secondary ip addresses 
Loophack interlace is treated as a stub Host 

Note when configuring loophack interfaces in OSPF, OSPF recognizes that this interface is a 

loopback interface, therefore, it treats it as a stub host. 

As a stub host, OSPF and CPU operation/utilization is minimized because OSPF will NOT 

send any OSPF packets out of this interface or receive any OSPF packets. 

OSPF advertises this interface as a host route with a mask of ™/32", this behavior can be 

changed by changing the network type, as follows: 

R3(contig)#int to 1 3 

R3(config-if)#ip ospf network point-to-point 

To verify the configuration: 

On R2 

R2*Show ip route ospf I Inc 1 92. 1 68. 130 

192. 168.1 3.0/24 is subnetted, I subnets 
O I A 192.168.13.0 [110/2J via 10.1.23.3, 00:01:59, FastEthcrnctO:0.23 

Next step is to advertise Lol3 in RIPv2 on Rl: 
On Kl 

Rl(config)#routcr rip 

R 1 (co n iig-ro ut cr)#nct\vo rk 1 92 . 1 6 8 . 1 3.0 

Note RIPv2 also recognizes that this interface is a Loophack interface the output of a "debug 
ip rip" will reveal that: RIP can be configured to minimize operation by adding the "Passive- 
interface Lol3" to the RIP configuration. 

On Kl 



Rl(eonfig)#routcr rip 

Rl (co nfig-routcr)#passive- interface loopback 13 

To verify the configuration : 
On R2 
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R2f*Show ip route Inc 192. 168. 13.0 

192. 168.1 3.0/24 is subnetted 1 subnets 
() I A 192.168.13.0 [11072] via 10.1.23.3, 00:12:48, FastEthcrnctO 0.23 

Note- Mil' route does NOT appear as a RIP route: did RIP advertise t Iil' route? If so. vihat 
happened? 

On R2 

R^Show ip rip database 1 92. 168. 1 3.0 255.255.255.0 

192. 168. 13.0/24 redistributed 

[3] via 10.1.23.3, Irani 10.1.1.3, 

Note the route is in RIP's database, but it is in the database as a "redistributed" route. It is in 

the database as "redistributed'"' because of redistribution of OSPF into RIP in task 3. 

So where is the update from R17 

Maybe Rl does not send that update at all? 

Note the output of the following debug reveals that the route is being advertised to R2: 

On R2 

R2f* Debug ip rip 

RIP: sending v2 update to 224.0.0.9 via Fast Et hern ctQ/0.21 (10.1.122) 
RIP: build update entries 

192.168.13.0/24 via 0.0.0.0, metric 3, tag 
( The output is modified to shew the advertisement for this route ONL Y) 

NoteR2 received an update for network 192.168.13.0 .24 from Rl, but it does not install it 

into its RIP database, RIP database contains only redistributed routes and learned RIP routes 
which are actually installed in the router's routing table: since the "administrative distance'' 
of RIP is 120 and OSPFs "Administrative distance" is 110, IDS prefers the OSPF route and 
rejects the RIP mute. 

To verify; 

R3'S Lol3 is shutdown and once again the R2's RIP's database is checked, as follows: 

On K3 
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R3(config')#intcrfacc Loopback 13 
R3(con%-il)#Shut 

On R2 

R2*Show ip route 192.168.13.0 

Routing entry for 192.168.13.0/24 
Known via "rip", distance 120, metric 1 
Redistributing via rip 

Last update from 10. 1. 12. 1 on FastEthcrnctOU2l, 00:00:28 ago 
Routing Descriptor Blocks: 

* 10. 1.1 2.1 , from 10.1.12.1, 00:00:28 ago, via FastEthcrnctO 0.21 
Route metric is 1, traffic share count is 1 

R2*Show ip rip database 1 92. 168. 1 3.0 255.255.255.0 

192.168.13.0/24 

[1] via 10.1.12.1, (I): 00: 15, FastEthernctO/0.21 

Note the output of the above show commands reveal that network 192.168.13.0 .'24 is a RIP 
route. 

To verify and reveal the comparison of administrative distance of RIP versus OSPFby the 
I OS, the I.ol3 interface of R3 is configured as "no shut" while "debug ip routing" is enabled 
on R2, as follows: 

On K2 

R2#dcbug ip routing 

IP muling debugging :s on 

On K3 

R3(config)#intcrlacc Loopback 13 
R3i;config-ilVN'o shut 

On R2 

RT: closer admin distance tor 192.168.13.0, Hushing 1 routes 

RT: NET- RED 1 92.1 68. 13.024 
RT: SET_LAST_RDB for 192.168.13.0 24 
NEWrdb: via 10. 1.23 3 



CCIE R&«* b) Narbik Kocharians Advanetrl CC1E R&5 Work Book 2.0 Page 909ofl068 

C 2009 Nnrlfik Kiichn riant. All rig h Is renrrved 



RT: add 192.168.13.0/24 via 10. 1.23 J, ospf metric [110/2] 
RT: NET- RED 1 92.1 68. 13.0 24 

Note (lit; first line of the above output reveals the comparison of the administrative distance of 
RIP and OSPF, and the "add 192.168.13.W24 via 10.1.23.3, ospf metric 1 110/2] is what is 
injected in the muting table of this router, to verify that information: 

On R2 

R2f*Sh ip route ospf inc 192.168.13.0 

O IA 192.168.13.0/24 [1 10/2] via 10.1.23.3, 00:08:30, FastEthcrnct(M).23 

In the next step E1GRP adjacency is created in AS 100 and the LoophackO interface of R4 is 
redistributed to resemble the output shown in this task: 

On K2 

R2(config)#routcr cigrp 100 

RZiconlig-roLitcr^no au 

R2i con fig-ro Lit cr)#n ct\vo rk 10.1. 24 .2 0.0 .0 .0 

On K4 

R4(eoniig-roLitc-map' |#router cigrp 100 

R4( con fig-ro ut cr)#no au 

R4( con tig-ro Lit cr)#nctw 10.L24 .4 0.0.0.0 

To seethe loopbackO of R4 as an external Eigrp route, it must be redistributed into Eigrp 100, 
as follow s: 

The first step: 

A route-map is created and LoO interface is matched: 

R4(config)#rciLitc-map 1ST permit 10 
R4i con i; g -r o Lite- map )# match interlace loO 

Thu second step: 

The "Redistribute connected" command is configured referencing the "route-map", when 
redistributing mutes into Eigrp, the metric should also be configured in the following order: 
Bandwidth, Delav, Relav, Load and MTU 
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The onK exception isuhen redistributing connected L-tnd or static routes. 

Note EICiRP does not use the "MTU" as a parameter for metric calculation, hut still a 
required value that must be configured. 

R4( con tig)#ra Liter cigrp 1 00 

R4f contig-routcr^rcdistributc connected route-map IS I 

To verify the eonTuJuration: 

On R2 

R2#Show ip route cigrp 1 00 

10.0.0.0/8 is variably sub netted, 7 subnets, 2 masks 
D EX 10.1.1.4/32 1 170/1 561601 via 10.1.24.4, 00:07:28, FastEthcrnctO 0.24 

ifft it It- it 'iV'iV it if it ifft if it if ** * * * 'iV* if * * •ffff if it if -ffft if * if 'iV* 'iV * * •ffff if it if •ffft if if -ft 'iV* * * * ** if if 'n"rf * * * •ffff ifif -ft ifif 'li' 'n"* 'iV* it it ifft 

Note when running Eigrp on an interface you should include the entire IP address of the given 
interface with an inverse mask option, or else you could run into problems; issues. 
In the beginning of this task the network command of R4 was configured in the most specific 
manner possible, if the network command was configured as "network 10.0.0.0", then, all 
interfaces that are configured in this major network would have been advertised as internal 
Eigrp route, and as a result of that the loophack interface of R4 would have been injected as 
an internal and not external, the routing table of R2 would have resembled the following: 

R2~sh ip route cigrp 

10.0.0.0/8 is variably subnetted, 7 subnets, 2 masks 
D 10. 1. 1.4/32 [90/1561 60J via 10. 1.24.4, 00:00:31 , Fast Ethernet 0/0. 24 

ifif it if if 'iV* it it it itif 'ii"n"iV ** it * 'iV •ffff if it it ifft it if it -ffff if it if ifif 'iV ■n"n' •ffff if it if •ffft if if -ft ifif if if if if if if if ifif it if if if if if if if if it it it if iff! it it it if 

The final step of this task: 

RIPvl is redistributed into Eigrp: 

On R2 

R2(coniig)#Routcr cigrp 100 
R2(conf]g-routcr)"rcdistribLitc rip metric I I I I I 

To verify the conf]»uration: 

On R4 
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R4*Show ip route cigrp 

10.0.0.0/8 is variably sub netted, 6 subnets, 2 masks 
D EX 10.1.12.IK24 [170,25600028 1 6] via 10. 1 242, 00:0 1 :23, FastE thcmctO 
D EX 10.1.1.2/32 [170/25600028 16J via 10.124.2, 00:01:23, FastEthcrnctO/0 
D EX 10. 1. 1 .1/32 [170/256000281 6] via 10.1 .24.2, 00:01:23, FastEthcrnctO 
D EX 10.1.23 JOm [ 1 70.2 5 6 02 8 1 6] via 1 , 1 24 2 , 00:0 1:23, FastE thcrnctO; 

Note network 192.168.13.(1 /24 has NOT been redistributed. 

R4#Show ip route 192.168.13.0 

% Network not in tabic 

*************************** I ni dot I 'in I to remember ***************************** 

10S will redistribute the 192.168.13.0 24 network only if this network is in the routing table 
of R2 as a RIP route. Remember when redistributing routes into another rout in y protocol. 

let's say the routes from routing protocol A. are to be redistributed into routing protocol B. 

the I OS will ONLY redistribute the routes that are in its routing table as A into mutiny 

protocol _B*s routiny protocol. 

Redistiibution is NOT transitive, meaning that, when the routes from protocol A are 
redistributed into protocol J3, the same routes can NOT be redistributed into routiny protocol 

c. 

** * * * ** * * * ** * * * ** * * * ** * * * ** * * * ** * * * ** * * * ** * * * ** * * * ** * * * ** * * ** * * * ** * * * ** * * * ** * * * * 



To verify the routing table uf K2 for network 192.168.13.0 ,24: 
On R2 

R2*Show ip rip database 192. 168. 13.0 255.255.255.0 

192. 168. 13.0/24 redistributed 

[3 J via 10.1.23.3, from 10.1.1.3, 

R2*Showip route 192.168.13.0 

Routing entry for 192.1 68.1 3.0/24 
Known via "ospl" I", distance 110, metric 2, type inter area 
Redistributiny via rip 
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Advertised by rip metric 3 route-map TST 
Last update from 10. 1.23.3 on FastEthcmctQ/0.23 r 01:1 8:05 ago 
Routing Descriptor Blocks: 

* 10. 1.23.3, tram 1 0. 1 . 1 . 3 r 01 : 1 8:05 ago, via FastEthcrnctO/0.23 
Route metric is 2, traffic share count is 1 

The output of the above show command reveals that the route is present in RIP, but the route 
on R2 is known via OSPF, but we are redistributing RIP into EIGRP. 

To accomplish this task, the administrative distance of 192.168. 13.0 24 is raised in OSPF to a 
number that is higher than OSPF's Administrative distance. As follows: 

On K2 The desired AD value 

\ y Its important to note that this is the OSPF RID of R3 

R2(conf]g)r i routcr ospf 1 ^ ^ 

R2i; config-routcr)#distancc 121 10. 1 .1 .3 0. 0. 0.0 *-_ 

This is the inverse mask of R3's RID 
To verify the configuration: 

On R2: 

Note the route is no longer in the routing table as an OSPF route: 

R2#Sh ip route ospf" 

O E2 192.1 68.3 1.0/24 [121/20] via 10.1.23.3, 00:00:39, FastEthcrnctO/023 

10.0.0.0/8 is variably subnetted, 7 subnets, 2 masks 
IA 10.1.1.3/32 fl21/2] via 10.1.23.3, 00:00:39, FastEthcrnctO'0.23 
O E2 192.1 68.33.fl/24 [121/20] via 10.1.23.3, 00:00:39, Fast Ethcrnctfl 0.23 

Because of the adjusted AD, the mute is now a RIP mute: 

R 2* Show ip route rip 

R 192.168. 1 3.0/24 [ 1 20/ 1 ] via 1 0. 1 . 1 2. 1 , 00:00: 1 6, FastEth crnet .0/02 1 

lO.O.O.O/S is variably subnetted, 7 subnets, 2 masks 
R 1 0. 1 . 1 . 1 32 [120/1] via 10. 1.12.1, 00:00:16, Fa stE them ctO/ 0.21 

Note the output of the above show commands reveal that the configured AD is applied to all 
OSPF mutes received from R3, even though the following show command reveals that 
network 192.168.13.0/24 is redistributed into R4"s muting table: a better choice is a more 
specific approach. 

To verify the configuration: 
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On K4 

R4**Show ip route cigrp Inc EX 

D EX 192.168.13.0/24 [ 17Q-256CK)028 1 6] via 1 0.1.24.2, 02:14:05, FastEthcrnctO/0 
D EX 10.1.12.0/24 [1702560002816] via 10.1242,02:22:54, FastE thcrnctO 
D EX 10. 1. 1 .2/32 [170/25600028 1 6] via 10.1 .24.2, 0222:54, FastEthcrnctO 
D EX 10. 1. 1.1/32 [170/256000281 6J via 10.1 24.2, 0222:54, FastEthcrnctO/0 
D EX 10. 1.23.(V24 [170/25600028 1 6] via 10. 1 242, 02:22:54, FastE thcrnctO/'O 

The following outlines the configuration of more specific approach on R2: 
On R2 

R2( con lig'^ro Liter ospf 1 

R2i;con%-roLitcr)Si I o distance 121 10.1.1.3 0.0.0.0 

R2(co n tig-ro ut er)# di st a n ce 1 2 1 10.1.1.30. 0. .0 I 

R2(config)#acccss-list I permit 192.168.13.0 0.0.0.255 

i'o verify the confi»uratinn: 

On R4 

R4#Show ip route cigrp 

D EX 192.168.13.0/24 [ 170/256CK302S 1 6| via 10.1.242, 00:07:33, FastEthcrnctQ'O 

10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks 
D EX 10. 1. 12.024 [170/25600028 1 6 J via 1 0. 1 24.2, 02:46:04, FastEthcrnctQ 
D EX 10.1.12 32 [170/2560002816] via 10.1242, 02:46:04, FastEthcrnctQ 
D EX 10.1.1.1,32 [170/2560002816] via 10.1242, 00:07:33, Fast Ethernet 00 
D EX 1 0. 1. 23.024 [170/25600028 1 6J via 1 0. 1 24.2, 02:46:04, FastEthcrnctQ'O 



Task 5 

Configure the following Loop back interlace on Rl: 

Lo40: 172.16.0.1/24 
Rl should be configured to advertise this loopback interlace in RIPvZ 
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Ensure that the ONLY' 172.16.X.X route present in R2's routing table is 172.16.0.0/24 
R3 should seethe following route: 172. 16.0.0 16. 



St up i:mu: 

Configuring Loophack 40 on Rl and advertise this network in RIPv2: 

On Rl 

Rl(config)#int k) 40 

Rli;contig-it)^ip addr 172.16.0.1 255.255255.0 

Rl(coniig-if)#routcr rip 

R 1 ico n tig-ro Lit cr)#Xct w 172.16.0 .0 

To verify the configuration: 

On R2 

R2f*Sh ip route rip 

R 192.1 68.1 3.0/24 [120/1] via 1 0. 1 . 1 2.1 ., 00:00:13, FastEthcmctO/0.21 
172. 16.(>.Q'24 is Sub netted, 1 subnets 

R 172.16.0.0 [120/ljvia 10.1.12. 1, 00:00:13, FastEthcrnctO 0.21 

I 0.0.0.0'S is variably subletted. 7 subnets, 2 masks 
R 10. 1.1.1/32 [120/1] via 10.1.12.1, 00:00: 13, FastEthcrnctO. 0.21 

Note R2 has the route based on the requirement of the task. 

To perform the last step of this task, R2 should be configured to redistribute RlPv2 into 

OSPF, as follows: 

On R2 

Note by default OSPF assigns a metric of 20 and a metric-type of 2 to all redistributed 
routes, therefore, there is no need to assign the cost from OSPF'S perspective when 
redistributing routes. 

R2(config)#routcr ospf I 

R2( con tig-ro Lit crjn'redistribute rip subnets 

To verify the configuration: 
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On K3 

R3#Show ip route ospf 

172.16.0.0/24 is submitted, 1 Subnets 

() E2 1 72.1 6.0.0 [ 1 10/20] via 10.1 23.2, 00:00:52, FastEthcrnctO 

10.0.0.0/8 is variably subnettcd, 6 subnets, 2 masks 
E2 10. 1. 1 2.0/24 [11 0/20] via 1 0. 1 .23.2, 00:00:52, FastEthcrnctO/0 
O E2 1 0. 1.1.2 32 [1 1 0/20] via 10. 1 .23.2, 00:00:52, FastEthcrnctO 
E2 10. 1.1 .1/32 [110/20] via 10.1.23.2, 00:00:52, FastEthcrnctO 
O E2 10. 1.24.0/24 [1 10/20] via 10. 1 .23.2, 00:00:52, FastEthcrnctO/ 

Note this task specified that network 172.16.0.0 should appear in the routing table of R3 as a 
"/16", to accomplish this task this network is summarized, as loll on s: 

On R2 

R2i con fig^ro utcr ospf 1 

R2( con fig-rout er)#surnmary- address 1 72.1 6.0.0 255.255.0.0 

To verify the configuration: 

On R3 

R3f?Sh ip route ospf 

O E2 172.16.0.0/16 [110/20] via 10.1.23.2, 00:00:18, FastEthcrnctO/ 

10.0.0.0/8 is variably subnettcd, 6 subnets, 2 masks 
O E2 tO, 1.12.0/24 [110/20] via 10.123.2, 00:10:29, FastEthcrnctO/0 
E2 10. 1. 1 .2/32 [1 10/20] via 10.123.2, 00:10:29, FastEthcrnctO/0 
O E2 1 0, 1.1.1 .'32 [1 1 0/20] via 10. 1 23.2, 00: 10:29, FastEthcrnctO'O 
E2 10. 1.24.0/24 [110/20] via 10.1232, 00:10:29, FastEthcrnctO/0 

Note this fulfills the requirement of the last task, but remember this task specified that R2 
should ONLY have 172.16.0.0/24 in its muting table. 

To verify the configuration: 

On R2 

R2#Show ip route Inc 172. 16 

172.16.0.0/16 is variably subnettcd. 2 subnets. 2 masks 
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R 172.16.0.0/24 [120/1 J via 10.1.12.1, 00:00:15, FastEthcrnctO/0.21 
() 172.16.0.0/1 6 is a summary, 0009:41, NullO 

R2 has two 172.16.X.X routes in its routing table: 172.16.0.0/24 which is learned from RIP 
and 172.16.0.0/16 which is the direct result of summarization, remember that when we 
summarize in OSPF, the I OS will inject a discard route to avoid forwarding loops, the 
injected discard mute can be for internal OSPF routes that were summarized or external 
OSPF routes that were summarized. 

If the discard route is internal and it needs to be removed, then the "\o discard-route 
internal" command can be used, but in this case its hi r external routes, there hi re, it can be 
removed using the following configuration: 

On R2 

R2(config)#rautcr ospl* I 
R2(eonfig-roLitcr)#no disc art! -route external 

'lit verify the configuration: 

On R2 

R2#Show ip route | inc 172. 16 

172. 16.0.0/24 is submitted, 1 subnets 
R 172.16.0.0 [120/1] via 10.1.12.1, 00:00:27, FastEthcrnctO/ 021 

On K3 

R3#Sfa ip route ospf 

O E2 172.16.0.0/16 [1 10/201 via 10.123.2, 00:24:19, FastEthcrnctO/0 

10.0.0.0/8 is variably sub netted, 6 subnets, 2 masks 
E2 10. 1. 12.0/24 [110/201 via 10.123.2, 00:34:30, FastEthcrnctO/0 
OE2 10.1.12/32 [110/201 via 10.123.2, 00:34:30, FastEthcrnctO/ 
O E2 10. 1.1 . 1 32 [1 1 0/20] via 10.123.2, 00:34:30, FastEthcrnctO. 
E2 10.1. 24.0/24 [ 1 1 0/20] via 10. 1 23.2, 00:34:30, FastEthcrnctO/0 
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Task 6 

Erase the startup configuration and reload the routers, you should also delete the 
"coniig. text" and "Yian.dat" on SW1 and reload this switch before proceeding to the next 
lab. 
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Lab 2 - Basics of Rcdistribution-II 
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l.al> Setup: 

• The F0 interface of Rl, R2 S R3 S R4 and R5 should be configured in VLAN 100 

■ The F0/1 interlace of Rl and BB1 should be configured in VLAN 200 

* The FfVl interlace of R3 and R6 should be configured in VLAN 300 

■ Use the lb Hawing 1 P addressing c hart for IP addressing assignment 
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IP addressing chart: 



Router 


Interface & IP Addressing: 


Ri 


FO'O- 10.1.1.1 /24 
F0/1- 10.1.11.1/24 
LoO- 1.1.1.1 '24 


R2 


F0/0- 10. 1 .1.2 ;24 

LoO -227.2/24 


R3 


F0/0- 10.1.1.3 '24 
F0/1- 10.1.36.3/24 

LoO -3.3.3.3/24 
Lol -30.3.3 3 24 

Lol -33.3.3.3 /24 


R4 


FO'O- 1 0.1. 1.4 .'24 
LoO- 4.4.4.4/24 
Lol -40.4.4.4.24 
Lo2- 44.4.4.4 •"24 


R5 


FO'O- 10.1.1.5/24 
LoO -5.5.5.5/24 
Lol -50.5.5.5/24 
Lo2- 55.5.5.5/24 


R6 


F0 1 - 10.1.36.6 24 
LoO -6.6.6.6 24 


[J [J I 


F0/1- 10.1.11.100/24 
LolOO- 100.1.1.1 /24 
Lol 01 -111 1.1.1. 1 '24 
Lol 02- 1112.1.1.1 '24 



Task I 

Configure the FO'O interlace of R3, R4 S R5 and LoO, 1 and Lo2 of R4 and R5 and Lo 1 of 
R3 in OSPF arcaO, Loopback interlaces should be advertised with their correct mask: 
assign the following OSPF costs to the loopback interfaces of R4 and R5: 



Router 


Interlace & OSPF Cost 


R4 


LoO - Cost 1 
Lol -Cost 20 
Lo2 - Cost 30 


R5 


LoO -Cost 10 
Lol -Cost 20 
Lo2 - Cost 30 



When configuring OSPF in this task. OSPF Process ID of 1 should be used 
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On K3 

R 3 (con fig)#ro liter o sp f 1 

R3(config-roLitcr)#nctw 10. 1.1.3 0.0.0.0 area 
R3 (co n fig-re li tcr)#nctw 30.3.3.30.0.0.0 area 

On R4 

R4(config-roLitcr)#int loO 

R4(config-if)#ip ospf network point-to-point 

R4 (co n fig- if )#i p o sp f co st 10 

R4(config-routcr)#int lol 

R4(config-if)#ip ospf network point-to-point 

R4(config-it>ip ospf cost 20 

R4(config-rontcr)r^int lo2 

R4(config-if)#ip ospf network point-to-point 

R4(eonfig-if)#ip ospf cost 30 

R4 (co n fig)#ro u tcr o sp f 1 

R4(config-routcr)#nctw 10.1. 1.4 0.0.0.0 area 
R4(config-routcr)#nctw 4.4.4.4 0.0.0.0 arcaO 
R4 (co n fig-router)* net w 4 0.4.4.4 0.0.0.0 area 
R4iL , onf]g-routcr)ri | nctw' 44.4.4.4 0.0.0.0 area 

On K5 

R5(config-roLitcr)#int loO 

R5(config-if)#ip ospf network point-to-point 

R5 (con fig- if )#ip ospf cost 10 

R5(config-roLitcr)#int lo 1 

R5(config-if)#ip ospf network point-to-point 

R5(config-ii>ip ospf cost 20 

R5(config-roLitcr)^int lo2 

R5(config-if)rrip ospf network point-to-point 

R5(config-if)#ip ospf cost 30 

R5(config)#routcrospf 1 

R5(config-roLitcr)#nctw 10. 1.1.5 0.0.0.0 area 
R5i;config.roLitcr)#nctw 5.5.5.5 0.0.0.0 arcaO 
R5(config-routcr)f*nctw 50.5.5.5 0.0.0.0 area 
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R5i;config-roLitcr)#nct\v 55.5.5.5 0.0.0.0 area 






To verify the configuration: 










On R3 










R3#Sho\v ip route ospf Inc Q 










O 50.5.5.11 |II 0/2 1] via 10.1.1.5, 00:03:47, FastEthemetO 
O 4.4.4.0 1110/11] via 10.1.1.4, 00:03:47, FaslElhernellM 
() 55.5.5.01 11 0/3 11 via 10.1.1.5, 00:03:47, FastEthernetO/O 
O 5.5.5.0 1110/111 via 10.1.1.5, 00:03:47, Fast Ether net 0/0 
O 40.4.4.0 I110/21] via 10.1.1.4, 00:03:47, FastEthemetO 
O 44,4.40 |110/31] via 10.1.1.4, 00:03:47, FastEthernetfl/O 








Task 2 








Configure Eigrp AS 100 on the FO'O interface of R3, R2, Rl; FO.T interface of Rl and 
BB 1 : LoO, Lo 1 and Lo2 of BB 1 : LoO of R I , R2 and R3. 










On R3 










R3(c:onfig)#raLitcr cigrp 100 
R3(config-roLitcr)#no an 
R3lconfig-roLitcr)^nct\v 1 0. 1.1.3 0.0.0.0 
R3i;config-router)#nctw 3.3.3.3 0.0.0.0 










On R2 










R2iconfig)#routcr cigrp 1 00 
R2 (c o n fig -r o u t er)#iia an 
R2i;config-roLUcr)r*nct\v 10. 1. 1.2 0.0.0.0 

R2(coni1g-routcr)#nctw 2.2.2-2 0.0.0.0 










On Rl 










R 1 (co n figure u tcr cigrp 100 
R I (c o n fig-ro li tcr)#no au 
Rli;con%-roLitcr)#nct\v 1 0. 1.1.1 0.0.0.0 
R 1 i;config-roi.itcr)#nct\v 1.1.1.10.0. ft 


168 




CC 
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Rl (config-routcr^nctw 10. 1.1 U 0.0.0.0 

On BBI 

BB I (config')#routcr cigrp 100 

BBI (con fig-router )#no sli 

BB I (con fig-router )f*nctw 1 0. 1. 1 1 . 100 0.0. 0.0 

BB 1 (con fig-router )#nctw 1 00. 1.1.1 0.0.0. 

BB 1 (con fig-routcr)#nct\v 101.1.1.10.0.0.0 

BB 1 (config-routcr)#nctw 1 02. 1.1.1 0.0.0.0 

To verify the configuration: 

On K3 

R3#Show ip route cigrp I Inc D 

D 102.1.1.0 [90/1587201 via 10.1.1.1,00:04:23, FasiEthernetWO 

D 1.1.1.0 190/1561601 via 10.1.1.1, 00:06:44, FaslElhernelO/0 

D 2.2.2.0 1 90/ 156 160 1 via 10.1.1.2, 00:00:07, Fast Et hern et0/0 

D 100.1.1.0 [90/1587201 via 10.1.1.1, 00:04:33, FaslEthernelft-'O 

D 101.1.1.0 [90/1587201 via 10.1.1.1,00:04:29, Fa si Ethernet 0/0 

D 10.1.11.0 90/307201 via 10.1.1.1, 00:06:34, FastEthernetO/0 



Task 3 

Configure another OSPF routing domain using OSPF process ID of 36 on the F0 1 
interlace ofR3 and R6: LoO interlace of R6 and Lo2 of R3. These Soopback interfaces 
should be advertised with their correct mask 



On K3 

R3(config-ii>int lo2 

R3(config-if)#ip ospf net point-to-point 

R3(config)#routcr ospf 36 

R3(config-roLitcr)#nct\v 1 0. 1.36.3 0.0.0.0 area 
R3(config-roLitcr)^nctw 33.3.3.3 0.0.0.0 area 

On R6 
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R6(config')#int loO 

R6iconfig-if)#ip ospf nctw point-to-point 

Rfifeonfig^rautcr ospf 36 

R6(config-roLitcr)^nct\v ] 0. 1.36.6 0.0.0.0 area 
R6i;config-router)#nctw 6.6.6.6 0.0.0.0 area 

In verify the configuration: 




On K3 

R3#Show ip route ospf 36 Inc 

6.6.6.0 [110/2] via 10. 1.36.6, (11:00:59, FastEthcrnctO/1 




Task 4 

Configure R3 to redistribute Eigrp 100 into OSPF 1 such that networks 1. 1. 1 .0 .'24 and 
22.2.0 /24 will have a tag of 1 1 1 and 222 respectively,, the rest of the routes should have 
a route tag of 333. 






On R3 

R3i;config)#acccss-list 1 permit 1.1.1.0 0.0.0255 
R3(eonfig)#acccss-list 2 permit 2.22.0 0.0.0255 

R3(config)#routc-map TST permit 10 
EG(exJnfig-routfrmap )£ match ip addr 1 
R3(config-routc-map)#st;l lay 111 

R3 (c o n fig )n route- map TST permit 20 
R3 ( co n fig-route- map )n match ip addr 2 
R3 (co n fig-route- map )# set lay 222 

R3(config)#routc-map TST permit 30 
R 3 (c o n fig-route- map )#st;l lay 333 

R3fconfig)rrmLUcrospf 1 

R3(config-routcr)#rcdistribLitc eigrp 100 route-map TST subnets 

I o verify the configuration: 
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m 



On R3 








R3*Sho\v 


ip ospf I database 






OSPF Router with ID (33.3.3.3) (Process ID 1 ) 






Router Link States (Area 


0) 




Link ID 


ADV Router Age 


Scq# Checksum Link count 


T ~i T T T 


33 3 3 3 179 


0x80000008 0x008002 2 




44.4.4.4 


44.4.4.4 641 


0K80OO0OO5 0x00487A 4 




ss s s ^ 


55.5.5.5 467 
Net Link States (Area 0) 


0x80000005 0x00F7914 




Link ID 


ADV Router Age 


Scq# Checksum 




1 0. 1 . 1 .3 


3 :> . 3, .?. j 6 o . 


0x80000003 0x007 A D7 






T\pc-5 AS External Link States 




Link ID 


ADV Router Age 


Scq# Checksum 


Tag 


I.I. 1.0 


33.3.3.3 179 


DxSOOQOOO! 0.X00C531 


111 


2.2.20 


33.3.3.3 179 


0x80000001 0x0085 FD 


222 


33.3.0 


33.3.3.3 179 


0x8000000 1 0x00928C 


Mi 


10.1.1 1.0 


-I-I-I-IT inn 


0x80000001 0x008C78 


333 


100. I.I. 


33.3.3.3 179 


0x80000001 0x006450 


333 


101.1.1.0 


33.3.3.3 179 


Ox 80 00 0001 0x00 5 7 5C 


Hi 


102. 1 . 1 .0 


33.3.3.3 192 


0x80000001 0x004 A68 


333 


On R4or R5: 






R4#Sho\v 


ip route ospf Ine 






R4*Show 


ip route ospf Ine E2 






E2 10 


2.1.1.0 [110/20] via 10.1 


. 1 . L 00:0 3:0 7 , FastE thcrnctO.'O 


OE2 1. 


1.1.0 [110/20] via 10. I.I. 


1, 00:03:07, FastEthcrnctO 


OE2 222.0 [11 0/20 J via 10. I.I. 


2, 00:03:07, FastEthcrnctO/0 


QE2 100.1.1.0 [110/20] via 10.1 


. 1 . L 00:03:07, FastE thcrnctO/O 


OE^ 3. 


3.3.0 [11 0/20 J via 10. 1.1. 


3, 00:03:07, FastEthcrnctOO 


0E2 101. 1.1.0 [110/20 J via 10.1 


.1.1, 00:03:07, FastE thcrnctO/0 


OE2 I 0.1.1 1.0 [110/20] via 10.1 


.1.1, 00:03:07, FastE thcrnct0/0 


On R4 
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R4*Sho\v 


ip ospf database 


B Tvnc- 


5 AS External 






Typc-5 AS External Link States 


Link ID 


ADV Router 


Agc 


Scq# Checksum 


Tag 


1.1.1.0 


333.3.3 


368 


0x80000001 0x00 C 531 


111 


2.2.2.0 


- ? —7 ■•? ■ —? ■ •." 


368 


0x80000001 Ox 00 8 5 FD 


222 


33.3.0 


33333 


368 


0x80000001 0x0092 8C 


333 


10.1.11.0 


33333 


368 


0x80000001 OxOOSCTS 


333 


100.1.1.0 


53333 


368 


0x80000001 0x006450 


333 


101.1.1.0 


33333 


368 


0x80000001 0x00575C 


333 


102.1.1.0 


33333 


368 


0x80000001 0x004A68 


333 



Task 5 

Configure R4 to filter all routes that are tagged with 111, you should NOT use an access- 
list or a prefix- list to accomplish this task. 



On K4 

R4(config)#routc-map TST deny 10 
R4 ( OQ n fig-ro ate- map )# match tag 111 

R4 (con figure utc- map TST permit 20 

R4 (co nfig)#ra utcr ospl" I 

R4 (con fig-ro Litcr)r*di st rib utc- list route- map TST in 



To verity the configuration: 



On K4 

R4"Show ip route ospl' 1 Inc E2 

O E2 102. 1 . 1 .0 [ 1 1 0/2O] via 10. 1.1.1, 00:0 1 :52, FastE thcrnctO/0 

O E2 222.0 [110/20] via 10.1.1.2, 00:01:52, FastEthcrnctO 

E2 100. L1.0 [110/20] via 10.1.1.1, 00:01:52, FastEthcrnctO 

E2 3.3.3.0 [1 10/20] via 1 0. 1.1.3, 00:01:52, FastEthcmctO/O 

O E 2 1 1 . 1 . 1 .0 [ 1 1 0/20] via 1 0. 1 . 1 . 1 , 00:0 1:52, FastE thcrnctO/0 

E 2 1 0. 1 . 1 1 .0 [ 1 1 0/20] via 1 0. 1 . 1 . 1 , (H):0 1:52, FastE thcrnct 
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Note Network 1.1.1.0 /24 is no longer in the routing table of Rl, but you should 
remember that it is still in the database of this router, the output of the following 

show command reveals that information: 

R4#Show ip os pi' database external | lnc_l. 1.1.0 
Link State ID: 1.1.1.0 (External Network Number ) 






Task 6 

Configure R5 to filter al! routes that arc tagged with 12.1, you should NOT use an acccss- 
list or a prefix-list to accomplish this task. 






On \15 

R5(config)#rautc-map TST deny 10 
R5 (c o nfig-ro Lite- map )# match lay 222 

R5(config)#rautc-map TST permit 20 

R 5 (co n fig )#ro u tcr o sp f 1 
R5(eonfig-routcr)r*distributc-list route-map TST in 

To verify the configuration: 

On k5 

R5#ShcFW ip route OSpf Inc E2 

O E2 102. 1 . 1 .0 [ 1 1 20] via 1 0. 1 . 1 . 1 , 00:0 1 :55, FastE thcrnctO/0 
O E 2 1 . 1 . 1 . [1 1 0/20 J via 10.1.1.1, 00:0 1 :55, FastEthcrnctO 
O E2 100. 1 . 1 .0 [ 1 10/20] via 1 0. ! . ! . 1 , 00:0 1 :55, FastEthcrnctO 
O E2 3 33.0 [1 1 0/20 J via 1 . 1 . 1 . 3, 00 :0 1 : 5 5, F ast E theme tCl 
O E2 10 1 . 1 . 1 .0 [ 1 1 0/20] via 1 0. 1.1.1, 00:0 1 :55, FastE thcrnctO/0 
O E2 1 0. 1 . 1 1 .0 [ 1 10/20] via 1 0. 1 . 1 . 1 , 00:0 1 .55, FastE thcrnctO/0 
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Task 7 

Configure R3 to redistribute OSPF 1 into Eigrp 100 such that network 4. 4. 4.0. '24 and 
5.5.5.0 24 arc tagged with 444 and 555 respectively 



On K3 

R3 (co n fig>acccs s- li st 4 perm it 4 . 4 .4 . 0. . . 2 5 5 
R3(config)#access-list 5 permit 5.5.5.0 0.0.0.255 

R3 (con figure utc- map TST1 permit 10 
R3(conf]g-routc-map)"match ip addr4 
EO{oanfig-rouftt-map)$8ei lag 444 

R3(config)#routc-map TST1 permit 20 

R3(eonf]g-routc-map)r*match ip addr 5 
R3 (con Jig -route- map)* set tag 555 

R3(config)#routc-map TST1 permit 30 

R 3 (co n fig')#ro u tcr eigrp 1 00 

R3(config-routcrY#rcdistributc ospf 1 route-map TST1 metric 1 

To verity the eont'i»umtion: 

On R3 

R3f*Sh ip eigrp topo.ogy lnc444 555 

P 4.4.4.0 24, 1 successors, FD is 2560000256, tag is 444 
P 5.5.5.0 24, I successors, FD is 2560000256, tag is 555 



Task8 

Configure R2 to filter network 4.4.4.0 .'24. do not use an access-list or a prefix-list to 
accomplish this task. 



On R2 



R_— SI'i :p cigrn topology Inc 444 
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P 4.4.4.fl-'24, 1 successors, FD is 256000281 6, tag is 444 

Note R2 sees the tug that was assigned in the previous task. 

R2(config')#routc-map TST deny 10 
R2(config-routc-map)"inatch tag 444 

R2(config)r#ro utc- map TST permit 20 

R2(config)#routcr cigrp 1 00 
R2iconf]g-routcr)T*distributc-list route-map TST in 

'1'u verify the configuration: 

On R2 

R2sShow ip route cigrp Inc EX 

D EX 50.5.5.0 [170 25600028 16J via 1 0. 1.1.3, 00:10:26, FastEthcrnctO 

D EX 55.5.5.0 [170/25600028 16] via 1 0. 1.1.3, 00:10:26, FastEthcrnctO 

D EX 5.5.5.0 [170/256000281 6] via 10.1. 1.3, 00:07:1 7, FastEthcrnctO/0 

D EX 40.4.4.0 [1 70/25600028 1 6J via 10.1. 1.3, 00:10:26, FastEthcrnctO/0 

D EX 44.4.4.0 [170/25600028 16] via 10.1.1.3, 00:10:26, FastEthcrnctO 

D EX 30.3.3.0 [170/2560002816] via 10.1.1.3, 00:10:26, FastEthcrnctO 



Task 9 

Configure R5 to filter all routes that originated by R4. DO NOT use a prefix- list or route 
tags to accomplish this task. 



On K5 

Note R5 receives the lolhnving three routes from R4: 

R5f*Show ip route Inc 10.1.1.4 

4.4.4.0 [ 1 10/1 1 J via 1 0. 1 . 1 .4, 00:2 1 :48, FastEthcrnctO 
40.4.4.0 [11 0/21 J via 10.1. 1.4, 00:2 1:48, FastEthcrnctO/0 
O 44.4.4.0 [110/31 J via 10.1. 1.4, 00:21 :48, FastEthcrnctO/0 

To configure the task; 
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The "match ip route- source" can be used to accomplish this task: IN OSPF THE 
ROUTE-SOURCE IS NOT THE NEXT HOP IP ADDRESS, IT IS THE ROUTER 
ID OF THE ROUTER THAT ADVERTISED THE ROUTES: to see the router id of 
R4: 

R4*Shipospf 1 Inc ID 

Routing Process "ospf 1" with ID 44.4.4.4 

R5i con fig)#acccss- list 4 permit 44.4.4.4 

In task ft the following route-map *vas created and applied inbound on R5: 

R5(config)#miUc-map TST deny 10 
RSfconfig-routc-map)* match tag 222 

R5 (configure lit c- map TST permit 20 

This task ui[[ Lid d the folltmint; line to the same route-map: 

R5 1 con fig )#ro Lite- map TST1 deny 10 

R5 ( co n fig -route- map )% match ip route- source 4 

As Lt result the nen route-map should look like the 1'oLh.ming: 

On R5 

R5iconfig)#routc-map TST deny 10 
Rficonfig-routc-mapismatch tag 222 

R5(config')#roLitc-map TST1 deny 15 

R5 (con fig -route- map)" match ip route- source 4 

R5(config)r#routc-map TST permit 20 

Note the reason we have the sequence numbers in a route-map is so we can add 
configuration lines in the middle of a route-map, in this case route-map sequence 
number 15 is added between route-map 10 and 20. 

Since the route-map is already applied, no further configuration is necessary 
To verify the configuration: 

On K5 
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R5?*Show ip route Inc 1 0. 1 . 1.4 

R5# 

Note the networks that were advertised by R4 are filtered. 






Task HI 

Configure R3 to redistribute all routes from "OSPF 1" and all Eigrp 100 routing domain 
into *X)SPF 36" routing domain using the following policy: 

• The routes from "OSPF 1 '' routing domain with an OSPF cost of 1 1 should be 

redistributed as "E2" OSPF routes, these routes should ha\ c a tag of 1 1 

• The routes from "OSPF 1 " routing domain with an OSPF cost of 2 1 should be 
redistributed as "E2 :r OSPF routes, these routes should have a tag of 21 

• The routes from "OSPF 1 : ' routing domain with an OSPF cost of 3 1 should be 
redistributed as "E2" OSPF routes, these routes should have a tag of 31 

• Eigrp 1 00 routes should be redistributed as "E 1" routes with a route tag of 99. 
■ DO NOT use an access-list or prefix -list to accomplish this task 






On R3 

R3 (con fig)?* route- map TST9 permit 10 

R3 1 co n fig -route- map )# match source-protocol OSPF 1 

R 3 (eon fig -route- map)?? match metric 11 
R3 (con fig-ro utc- map)?? set tag 11 

R 3 (con fig)?? route- map TST9 permit 20 
R 3 (config-ro utc- map)?? match source-protocol OSPF 1 
R3 (co n fig-ro u t c- map ) ?? m a te h me tri c 2 1 
R3(eonfig-routc-map)r?set tag 21 

R3 (con fig)?? route- map TST9 permit 30 
R3(eonfig-roiitc-map)??mateh source-protocol ospf 1 
R3 (eon fig-ro utc- map)?* match metric 31 
R 3 (co n fig-ro utc- map )n set tag 31 
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R3 (con figure utc- map TST9 permit 40 

R3(eonfig)#routc-map Eiyrp permit 10 

R3 (con fig-route- map )# match source-protocol Eiyrp 1(10 

R3 (con fig -route- map) "Set tay 99 

R3(eonfig -route-map)" set met ric- type type-1 

R3 (co n fig )£ ro u t cr o sp f 36 

R3(config-routcr)#rcdistribLitc ospf 1 route-map TST9 subnets 

R3(eonfig-routcr)#rcdistribLitc cigrp 100 subnets route-map Eiyrp 

10 verity the configuration: 

On R6 

R6#Show ip route ospf lne El 

O E 1 102.1.1 .0 [ 1 1 0/2 1 J via 10.1. 36. 3, 00:09:25, FastEthcrnctO' 1 

O El 1 .1.1.0 [110/21 J via 10.1.36.3, 00:09:25, FastEthcrnctO/ 1 

E 1 222.0 [1 10/21 J via 10. 1 .36.3, 00:09:25, FastEthcrnctO/ 1 

O El 100.1.1.0 [110/21] via 10.1.36.3, 00:09:25, FastEthcrnctO' I 

O El 3.3.3.0 [110/21 J via 10.1.36.3, 00:09:25, FastEthcrnctO/ 1 

El 101.1.1.0 [110/21] via 10X36.3, 00:09:25, FastEthcrnctO I 

O E 1 10.1.1 1 .0 [ 1 1 0/2 1 J via 10.1 .36.3, (1.1:09:25, FastEthcrnctO' 1 

O El I 0.1.1 .0 [1 10/21] via 10.1.36.3, 00:09:25, FastEthcrnctO,' 1 

R6#Sho\v ip route ospf lne E2 

E2 50.5.5.0 [110/21] via 10.1.36.3,00:14:15, FastEthcrnctO/ 1 

E2 4.4.4.0 [110/1 1 J via 1 0. 1 .36.3, 00:14: 1 5, FastEthcrnctO/ 1 

O E2 55.5.5.0 [1 10/31] via 10. 1.36.3, 00:14:15, FastEthcrnctO/ 1 

O E2 5.5.5.0 [110/11 J via 10.1.36.3,00:14:15, FastEthcrnctO/ 1 

O E2 40.4.4.0 [110/21] via 10.1.36.3, 00:14:15, FastEthcrnctO. I 

O E2 44.4.4.0 [1 10/31] via 10. 1.36.3, 00c 14: 15, FastEthcrnctO/ 1 

Q E2 30.3.3.0 [11 0/1 J via 10.1.36.3,00:12:14, FastEthcrnctO/ 1 

R6#Show ip ospf database | lne 1 1_ 

4.4.4.0 30.3.3.3 999 BxSQQOOOOl Ox0O75F5 11 

5.5.5.0 30.3.3.3 999 0x80000001 0x0051 17 11 

R6f*Show ip ospf database | lne 21_ 

40.4.4.0 30.3.3.3 1069 0x80000001 0x00B87A 21 
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50.1 5j0 


.m.I.:\j>. J 


1069 


0x80000001 


Ox 00 IF OS 21 


R6f*Show 


ip ospf database | Inc 31_ 






44.4.4.0 


30.3.3.3 


1093 


0x8)000001 


0x009D7D 31 


1111.0 


30.3.3.3 


1093 


0x80000001 


0x()0F617 31 


R6f*Show 


ip ospf datab 


asc | Inc 99_ 






1.1.1.0 


ii\ i i i 


926 


0x80000002 


OxOOECAl 99 


22.2.0 


30.3.3.3 


926 


0x80000002 


Ox 00 CSC 6 99 


3.3.3.0 


30.3.3.3 


926 


0x80000002 


OxOOA4E7 99 


10.1.1.0 


-i i" ( -i i i 


926 


0x80000002 


0x007712 99 


10.1.1 1.0 


1 f 't *• T T 


926 


0x800 00002 


0x000976 99 


100.1.1.0 


j U. j.j.j 


926 


0x80000002 


Ox no k cm; 99 


101.1.1.0 


30.3.3.3 


926 


0x80000002 


0x00D35A 99 


102. 1 . 1 .0 


30 1 - 3 


926 


0x80000002 


OxOOC666 99 



Task 11 

Configure R3 such that Eigrp routes that have a composite metric of 156160 to 158720 
arc NOT redistributed into "OSPF 36" routing domain. None of the previous 
configurations should be removed or overridden to accomplish this task. 



This task is asking for Hit; routes that have a composite metric of 156160 to 15S720, the 
formula to calculate the metric and the dc, iation \aiue is as folio us: 

The two numbers are added and then divided by 2: 

156160-158720=31488(1 

314880 / 2 = 157440 ■> This gives us the metric value 

To calculate the deviation value: 

Subtract the start of the range number (The lower value or the "from " value, in this ease 

156160) from the "to" value, in this case 158720 and then divide the result by two: 

15872(1- 156160 = 256(1 

256(1 / 2 = 1280 

Therefore, the "match metric'" command will have the following values: 

Match metric 157440 +-12 SO 

To test the values: 
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157440 - 1280 = 156160 Note this is the start of the range 
157440 ^ 1280 =158720 this is the top of the range. 

On K3 

R3(config)#rautc-map TASK-10 deny 10 

R3[[;c)nr]g-roLitomap)"match metric 157440 -- 1280 

R3(config)#routC"map TASK-10 permit 20 

R3(config-routc-map)#routcr cigrp 100 

R 3 (co n fig-ro li tcr )#d i strib utc-Ii st ro Lit c- map T A S K - 1 i n 

To verify the configuration: 

On 113 

R3frShow ip route cigrp 

1 0.0.0. 0'24 is subletted, 3 subnets 
D 10.1.11.0 [90.30720] via 10.1.1.1, 02:15:28, FastEthcrnctO 

Note if it is nut in the routing table of R3 as an Eigrp route it will NOT get redistributed. 

On K6 

R6#Show ip ospf database Inc 99_ 

0x80000003 0x00 A2E8 99 
0x80000003 0x007513 99 
0x80000003 0x000777 99 

Note networks 3.33.0 and 10.1.1.0 are directly connected links to R3 and therefore, the 
composite metric of these two routes are NOT within the stated range. 



33.3.0 


30.333 


1373 


10.1.1.0 


30.333 


1373 


10.1.11.0 


30.3.3.3 


1373 



Task 12 

Erase the startup configuration and reload the routers before proceeding to the next task. 
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Lab 3 -Redistribution 



Interface VLAN 11 
10.1.11.11 124 
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l.al> Setup: 

■ C o n figu rc R 1 a nd R4 ' s F 0/0 in tcrtac c i n VL AN 1 4 
• Configure Rl andR2'sF0'l interlace in 'VL AN 12 



Configure R2 and R3's Ffl/0 interlace in VLAN 23 



• Configure R3 and R6's FQ'l interlace in VLAN 36 

• Configure R5 and R6' s FG.'O interlace in VL AN 56 
■ Configure R4 and R5' s F0/1 interlace in VL AN 45 

• L'sc the lb Ho wing 1 P addressing c hart: 



ll J aLtritx'ssints Chart: 



Router 


VLAN 


Interface & IP Addressing 


Rl 


14 
12 


Fa/0-10.1.14.1 '24 
F0/1 -10.1.12.1 /24 
LoO- 10.1.99.1/32 


R2 


12 
23 


FO.i -10.1.12.2/24 
F0/0- 10.1.23.2/24 
LoO-10.L99.2-32 


R3 


23 
36 


FG.'O -10.1.23.3 '24 
FO.i - 10.1.36.3 24 
LoO -10.1. 993/32 


R4 


14 
45 


F0/0- 10.1.14.4/24 
F0/1 -10.1.45.4/24 
LoO- 10.1.99.4/32 


R5 


45 
56 


F0/1 -10.1.45.5/24 
Fft 0-10.1.56.5/24 
LoO -10.1.99.5/32 


R6 


56 
36 


FO-'O- 10.1.56.6/24 
P0/1 -10.1.36.6,24 
LoO -10.1.99.6/32 


SW1 


14 


Muni 1 - 10.1.11.11 24 
Vlanl4- 10.1.14.11/24 


S\Y2 
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Task 1 

Configure these devices such that when SYV2, R2 or R5 communicate with VLAN I I 
they should use the following policies: 

■ The traffic between SVV2, R2 or R5 and Vlan 11 must always take the East path, 
even if the West path is closer. 

• The East path should be the primary path, ensure that the solution covers any 
broken reachability on this path; the West path should be configured to be the 
backup path. 

■ One static route is allowed to be configured on R I . R4 and or SW I 

OSPFi 

• VLAN 23 should be configured in area 23 

• VLAN 12 should be configured in area 12 

• VLAN" 56 should be configured in area 56 

■ VLAN 45 should be configured in area 

• Type 5 LS As are NOT permitted in area 56 

• Place loopback interfaces in the lower area IDs when possible. 

Eigrp: 

- ONLY configure VLAN 36 in Eigrp AS 100 

■ R6 should be configured as a stub router 

DO NOT use GRE, IPsec and/or IPnlP tunnels to accomplish this task 



Since this lab is one huge task, it requires lots of planning and design, this lab needs 
to be followed step by step because it is simply designed to teach some important 
concepts when redistribution is configured. 

The first step is to enable routing on the switches: b\ default. IP routing is NOT 
enabled: 

On SW 1 

SWx(config)#ip routing 

In this lab all devices need to communicate with VLAN 1 1, therefore, they need to 
have reachability to VLAN 1 1, this reachability will be provided in the later 
solution s. but VLAN 1 1 also needs to have a return path to these networks' subnets: 
since the East side must be the primary path and the West side needs to be the 
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backup, there must be a way to control this condition, this solution configured 
HSRP to accomplish this task. 

The first step in accomplishing this task is to configure the static routes: 

On Kl and R4 

RI(config)#ip route 10.1.11.0 255.255.255.0 10.1.14.11 

To verify the configuration: 

On Kl 

Rl*Ping 10.1.11.11 

Type escape sequence to abort. 

Sending 5 r 100-bytc 1CMP Echos to 10. 1. 1 1 . 1 1. timeout is 2 seconds: 



Success rate is 100 percent (5'5), round-trip min/avg/max = 1/1/4 ms 
On K4 

R4*Ping 10.1.11.1 1 



Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echos to 10. 1.11.11. timeout is 2 seconds: 



Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms 

Next, we must configure a static route on SVV1, but what should be the next hop for 

this static route? 

Should it be R4? Well even though R4 is in the East side (Primary path) but what if 

one of the links is dow n? How will the path switch over when one of the links in the 

primary path is down? 

One way to resolve this issue is to use HSRP, R4 should be configured as the active 

router because it belongs to the East side, and Rl should be configured to be the 

standby router. Since no IP address is given for the Virtual IP, the VIP depicted for 

this solution is 10.1.14.100 (An arbitrary IP address). 

On Kl 



Rl(config)#inttrjTJ 

R 1 (config-if^standby 1 ip 10.1 .14. 100 

R I (c o n fig- if)fr5t an d by I p re emp t 
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On K4 

R4<COnfig)#int fO/0 

R4(config-il>standby 1 ip 10.1.14.100 
R4(config-if)#standby 1 preempt 
R4(config-if)#standby 1 priority I 1 

To verify the configuration: 

On Kl 

R 1 # sho w St an db y brie f 

P indicates configured to preempt. 

Interlace Grp Prio P State Active Standby Virtual IP 

FaO.'O I 100 P Standby 10.1.14.4 local 10.1.14.100 

On K4 

R4f*show Standby brief 

P indicates configured to preempt. 

Interlace Grp Prio P State Active Standby Virtual IP 

FaO.O I 110 P Active Local 10. 1. 14.1 10.1.14.100 

The next step is to configure the static route on SW1, this is configured for the 
return traffic for any of the networks/subnets in this topology: 

On S\V I 

S W 1 (c o nfigjS p rou t e 0. .0 . (I 0. .0 .0 1 I) . 1 . 1 4 . 1 

To verify the configuration: 

On S\V I 

S W'l .ffrShow ip route static 

S* 0.0.0.0/0 [1/0] via 10. 1. 14. 1 00 

SWUPing 10.1.14. 100 
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Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 10. 1. 14. 1 00. timeout is 2 seconds: 



Success rate is 80 pure tint (4/5), round-trip min/avg/max = 1/2/8 ms 

The next step is to configure IGP, this is done from top to bottom starting with 
OSPF area in the East side, when configuring OSPF, the router ids are extremely 
important, unless the task specifically forbids it. Remember that the loopback 
interfaces must be configured in the lower area ID. Since area 56 is NOT allowed to 
have LS.A type 5s, its configured as a stub. 

On K4 

R4 (co n fig)#ro u tcr o sp f I 
R4(eonfig-routcr)r*routcr-id 10.1 .99.4 
R4i;config-roLitcr)*\ctw 1 0. 1.45.4 0.0.0.0 area 
R4i;config-raLUcr)#nctw 1 0. 1.99.4 0.0.0.0 area 

To verity the configuration: 

On R4 

R4"Show ip ospf interface brief 

Interface P1D Area IP Ad dress' Mask Cost State Nbrs F.'C 

LoO i 10.1.99.4/32 i LOOP 0.0 

FaO.T I 10.1.45.4/24 I DR 0/0 

On R5 

R5(config)#roLitcrospf 1 
R5i;config-roLitcr)#rout er-id 1 0. 1 . 99. 5 
R5i;config-roLitcr)#Nctw 10. 1.45.5 0.0.0.0 area 
R5i;config.roLitcr)#\ct\v 10. 1.56.5 0.0.0.0 area 56 
R5i;con%-routcr)#N"ct\v 10. 1.99.5 0.0.0.0 area 
R5(eonfig-rai.itcr)#arca 56 stub 

To verify the configuration: 

On R5 

R5#Shflw ip route ospf 
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10.0.0.0/8 is variably subnctted, 4 subnets, 2 masks 
10. 1.99.4/32 [ 1 1 6/2 J via 1 0. 1.45.4. (11:03:06, FastEthcrnctO I 

The next step is to configure area 56: 

On R6 

R6(config)#routcr ospf 1 
R6(config-router)#routcr-id 1 0.1 .99.6 
R6i;con%-roLitcr)#Nctw 10, 1.56.6 0.0.0.0 area 56 
R6i;config-roLitcr)*Xetw 1 0. 1.99.6 0.0.0.0 area 56 
R6(config-routcr)#arca 56 stub 

To verify the ennfiguration: 

On K6 

R6frShow ip route ospf 

10.0.0. G'8 is variably subnctted, 6 subnets, 2 masks 
O 1 A 1 0. 1 .45.0/24 [110/2] via 10.1.56.5, 00:01:06, FastEthcrnctO. 
LA 10.1.99.4 32 [110/3] via 10.1.56.5, 00:01:06, FastEthcrnctO 
LA 10.1.99.5 32 [110/2] via 10.1.56.5, 00:01:06, FastEthcrnctO 
0*1A 0.0.0.0 [HO/2] via 10.1.56.5, 00:00:17, FastEthcrnctQ'O 

To verify the configuration: 

On R6 

R6*Ping 10.1.99.4 

Type escape sequence to abort. 

Sending 5, 100-bytc IC MP Echosto 10.1.99.4, timeout is 2 seconds: 



Success rate is 100 percent (5/5), round-trip min/avg'max = 1/2/4 ms 

R6*Ping 10.1.99.5 

Tvpc escape sequence to abort. 

Sending 5, 100-bytc 1 CMP Echosto 10.1.99.5, timeout is2 seconds: 



Success rate is 100 percent (5/5), round- trip min/avg max = 1/1/4 ms 
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Note the reachability to VLAN 1 1 «ill be addressed later. 

The next step is to configure the East side: 

On kl 

R I (con fig)#ra Liter o sp f I 
Rl fconfig-roLitcrJ^routcr-id 1 0. 1 .99. 1 
Rl(config.routcr')#Xctw 10.1.12.1 0.0.0.0 area 12 
Rl(config-routcr)#Xctw 10. 1.99. 1 0.0.0.0 area 12 



To verify the configuratinn: 



On kl 



Rl#Show ip ospf interface brief 



IP Address Mask Cost State N'brs F.'C 
10.1.99.1/32 I LCX)P 0/0 

10.1.12.1/24 I DR QIC 



Interface P1D Area 
LoO I 12 

FaO/1 I 12 

On R2 

R2(config)#routcrospf 1 
R2(config-roLitcr)#rout cr-id 1 0. 1 . 99.2 
R2i;conf]g-routcr)sNctw 1 0. 1. 12.2 0.0.0.0 area 12 
R2i;conf]g-roLUcr)#Nct\v 10. 1.99.2 0.0.0.0 area 12 
R2(config-roiucr)#Nctw 1 0. 1.23.2 0.0.0.0 area 23 

To verify the configuration: 

On R2 

R 2? Show ip route ospf 

I 0.0.0.0/8 is variably subnettcd. 4 subnets. 2 masks 
10.1.99.1/32 [110/2] via 10.L12.K (30:01:28, FastEthernetO. 1 

On k3 

R3(eonfig)#rautcrospf I 

R3 (co n fig-ro u t cr)# ru ut cr-id 1 0. 1 .99.3 

R3i;conf]g-routcr)*Xct\v 10. 1.23.3 0.0.0.0 area 23 
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R3(config-roiucri*Nctw 10. 1.99.3 0.0.0.0 area 23 
To verify the configuration: 

On R3 

R3#Show ip route ospf 

Note no mutes are exchanged, next the routing table of Rl is examined: 

On Kl 

Rl#Show ip route oggf 

10.0.0.0/8 is variably subnetted, 5 subnets. 2 masks 
10.1.99.2/32 [110/2] via 10.1.122,00:13:13, FastEthcrnctO/ 1 

Note Rl does NOT have the R2*s F0/0 interface in its routing table. We should 
examine R2's routing table: 

On R2 

R2f*Show ip route ospf 

I 0.0.0. 0'8 is variably subnetted, 5 subnets, 2 masks 
10.1.99.1/32 [110/2] via 10.1. 12.1, 00:15:51, FastEthcrnctO 1 
10. 1 .993/32 [ 1 10/2 J via 10. 1.23.3, 00: 1 1 :57, FastEthcrnctO/0 

Note R2 contains all routes in its muting table but does NOT advertise the routes 
from one area to another. 

Remember ONLY an ABR can advertise routes from one area to another. But an 
ABR is a router that connects two different areas and this happens to be the case for 
R2, well.... let's verify the fact thatRl is an ABR: 

On kl 



R ["Show ip ospf border 



OSPF Process 1 internal Routing Table 



Codes: i - Intra- area mute. 1 - Inter- area route 
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Note Rl does. NOT see R2 as an ABR, this is because R2 does NOT have 
connectivity to area (I, to fix this problem a Loopback interface is created and 
placed in area as follows: 

On R2 

R2(config)#int Io2 

R2(config-if>ip address 10.2.99.2 255.255.255.255 

R2i;config-it>IPospfl area 

To verify the configuration: 

On Rl 

R [#S|j0w ip ospl" border 

OSPF Process I internal Routing Tabic 

Codes: i - Intra- area route, 1 - Inter- area route 

i 10. 1.99.2 [1] via 10.1.122, FastEthcrnctO/ 1, ABR, Area 12, SPF 5 

R l#Show ip route ospf 

10.0.0.0/8 is variably subnetted, 8 subnets, 2 masks 
1 A 10.1 .2 3.0/24 [ 1 *1 0/2] via 1 0. 1 . 12.2, 00:02: 1 0, FastEthcrnctO/ 1 
1A 10.2.99.2/32 [110/2] via 10.1.12.2, 00:02:10, FastEthcrnctO/ 1 
10.1. 99.232 [110/2] via 10.1.12.2,00:02:10, FastEthcrnctO 1 

1A 10.1.99.3 32 [110/3] via 10.1.12.2, 00:02:10, FastEthcrnctO/ 1 

On K3 

R3#Sho\v ip route ospf 

1€.0.0.0'8 is variably subnetted, 7 subnets, 2 masks 
O 1 A 1 0.1 .12.0/24 [110/2] via 10.1.23.2, 00:03:01, FastEthcrnctO 
1 A 1 0239.2/32 [110/2] via 10.1.23.2, 00:03:01, FastEthcrnctO/0 
1A 10.1.99. 1 32 [110/3] via 10.1.23.2, 00:03:01, FastEthcrnctO/ 
O 1 A 1 0.1 .99.2 32 [1 10/2] via 10.1.23.2, 00:03:01, FastEthcrnctO 

The next step is to configure Eigrp: 
On SV2 



CCIE R&<> b> Narbik Kucharians Advance! CC1E R&S Work Book 2.0 Page 944 of 1068 

C 2009 Xarbik Kuchn riant. All rig lib reserved 



S\V2(config')#routcr cigrp 100 
S \V2 1 c o nfig - ro u t erJSSf no au 
SW2(config-routcr)frNct\v 10.1.36.12 0.0.0.0 

To verify the configuration: 

On SW2 

SW2#Show ip cigrp interfaces 

1P-EIGRP interlaces for process 100 

Xmit Queue Mean Pacing Time Multicast Pending 
Interface Peers Un' Reliable SRTT Un' Reliable Flow Timer Routes 

V136 0/0 Q'10 

On K3 

R3(config)#router cigrp 100 
R3(config-routcr)#no au 
R3i;config-roLitcr)#\ct\v 1 0. 1.36.3 0.0.0.0 

The next Eigrp router (R6) should also be configured its an Eigrp Stub router: 

On R6 

R6 (co n tig )# ro u ter cigrp 1 00 
R6(eonfig-routcr)#no au 
R6i;con%-roLUcr)^Xctw 10. 1.36.6 0.0.0.0 
R6iconfig-roLitcr)#Eigrp stub 

lo verify the configuration: 

On R6 

R6*Show ip cigrp neighbors 

1P-E1GRP neighbors for process 100 

H Address Interlace Hold Uptime SRTT RTO Q Scq 

(sec) (ms) Cnt N'um 

I 10.1.36.12 FaD/1 14 00: 01:24 167 1002 3 

10.1.36.3 FaO.T 1100:01:25 4 200 7 
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Since all the 1GP can figuration, is completed, its time to start with redistribution. 
This configuration is performed starting from East side first and once again, the 
configuration is started from the top of the topology to the bottom: 

On K4 

On this router the static route is redistributed into OSPF, as follows: 

R4 (con fig)#ro u t cr o sp f 1 
R4(config-routcr)r*redislribute static subnets 

To verify the configuration: 

On R5 

R 5** Show ip route ospf 

1 O.O.O.Q'8 is variably subnetted, 6 subnets* 2 masks 
O E2 10. LIU* '24 [110/20| via 10.1.45.4, 00:00:52, Fast Ethernet 0/1 
O 1 0. 1 .99.4,32 [1 10,2] via 10. 1 .45.4, 00:00:52, FastEthcrnctO/I 

1 0.1 .99.6,32 [1 10/2] via 10. 1 .56.6, 01:0 1 :46, Fast Ethernet 

R5*Ping 10.1.1 1.1 1 



Type escape sequence to abort. 

Sending 5, 100 -byte 1CMP Echos to 10. 1.11.11, timeout is 2 seconds: 



Success rate is 100 percent (5/5), round-trip min.'avg'max = 1/2/4 ms 
On K6 

R6*Ping 10.1.11.11 

Type escape sequence to abort. 

Sending 5, 100 -byte ICMP Echos to 10. 1. 1 1 . 1 I, timeout is 2 seconds: 



Success rate is 100 percent (5/5), round- trip min.'avg'max = 1/1/4 ms 

The nest step is to redistribute Eigrp into OSPF, this must be done on R6: 

On R6 

R6(eonfig)#roLUcr ospf 1 

R6(cont1g-rontcr)rrRcdistrib Lite Eigrp 100 Subnets 
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Note you should get the following error message: 

Warning: Router is currently an ASBR white having only one area which is a stub area 

The reason is that R6 is part of an OSPF stub area, and redistribution is NOT 
allowed in a stub area. To fix this problem, area 56 is converted to an NSSA area, as 
follows: 

On R5 

R5(config)#routcr ospf I 

R5(config-routcr)r*No area 56 stub 

Rffconfig-ro titer)** area 56 NSSA delault-inforrnation-originale 

On R6 

R6(config)#rautcrospf I 

R6(config-routcr)#no area 5 6 stub 

R6 (con fig-router)?* area 56 NSSA default-information-originate 

To verify the confisjuration: 

On R6 

R6??Show ip route ospf 

10.0.0.0' 8 is variably subnettcd. 6 subnets. 2 masks 
IA 10.1.45.0/24 [1 1*0/2] via 10.1.56.5, 00:02:41, FastEthcrnctO 
1 A 10.1.99.4/32 [1 10/3] via 10. 1 .56.5, 00:02:41, FastEthcrnctO 
O LA 10.1.99.5/32 [1 10/2] via 10.1.56.5, 00:02:41, FastEthcrnctO/0 
0*N2 0.0.0.0/0 | L 10/1 1 via 10.1.56.5, 00:02:41, FastEthernetOO 

On R5 

Rj#Shgw ip route ospf 

10.0.0.0'S is variably subnettcd, 7 subnets, 2 masks 
O E2 10.1.1 1.0/24 [1*10/20] via 10.1.45.4, 00:04:49, FastE thcrnctOT 
() N2 10.1.36.0/24 1110/201 via 10.1.56.6, 00:04:49, FastEthernetO/0 
I ft 1 .99.4/32 [ 110/2] via 10. 1.45.4, 00:04:59, FastEthcrnctO/' 1 
10.1.99.6.'32 [110/2] via 10.1.56.6, 00:04:49, FastEthcrnctO/0 

Note the "N2" route is there because Eigrp was redistributed into OSPF in the prior 
step, and the "E2" route is there because R5 is part of area and R4 redistributed 
the static route into OSPF in one of the previous steps. 
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In the next step, OSPF is redistributed into Eigrp routing domain, as follows: 

On M 

R6 (co n fig )# ro u ter cigrp 1 00 

R6(config-roLitcr)#rcdis tribute OSPF I metric I I I I I 

To verify the configuration: 

On K6 

R6#Show ip cigrp topo.ogy 

IP-EIGRP Topology Tabic for AS( ]00)/1D( 10. 1.99.6) 

Codes: P - Passive, A - Active, L" - Update, Q - Query, R - Reply, 
r - reply Status, s - sia Status 

P 0.0.0.0/0, I successors, FD is 2560000256 

via Redistributed (256(H) 002 5 6/0) 
P 10. 1.45.0/24, 1 successors, FD is 2560000256 

via Redistributed (2560000256/0) 
P 10.1.36.0/24, 1 successors, FD is 281 60 

via Connected. FastEthcrnctO'l 
P 10.1.56.0/24, 1 successors, FD is 2560000256 

via Redistributed (2560000256.'0) 
P 10.1.99.4/32, 1 successors, FD is 2560000256 

via Redistributed (2560000256/0) 
P 10.1.99.5/32, 1 successors, FD is 2560000256 

via Redistributed (2560000256/0) 
P 10.1.99.6/32, 1 successors, FD is 2560000256 

via Redistributed (25 6 00 002 5 6/0) 

Note the redistributed routes are marked as ''Redistributed" in the Eigrp's topology 
table. 

To Verify the configuration 

On R3 

R3#Show ip route Eigrp 
R3# 
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Note R3 did NOT get the redistributed routes. This is because R6 is configured as 
"Eigrp stub", if no keyword is used with Eigrp stub configuration, the "connected" 
and the "summary" keyword will be added as default setting. The output of the 
following show command reveals that, as follows: 

R6f*Show run S router cigrp 1 00 

router cigrp 100 

redistribute ospfl metric I I I I I 

network 10.1.36.6 0.0.0.0 

no auto- summary 

cigrp stub connected Summary/ 

To fix this problem the "Redistributed" keyword is configured, as follows: 

On ggjj 

R 6 ( co n fig )* Router cigrp 1 00 
R6(config-routcr)-Eigrp stub redistributed 

In verify the configuration: 

On R3 

R3#Show ip route Eigrp 

10.0.0.0/8 is variably subnet ted, 12 subnets, 2 masks 
D EX 1 0.1.45.0/24 [1*70/2560002816] via 10.1.36.6, 00300:54, FastEthcmctO/1 
D EX 10.1.56.0/24 [170,2560002816] via 10.1.36.6, 00300:54, FastEthcrnctOT 
D EX 10.1.99.4/32 [170/2560002816] via 10.1.36.6, 00:00:54, FastEthcrnctO/1 
D EX 10.1.99.5/32 [170/2560002816] via 10.1.36.6, 00:00:54, FastEthcrnctO/1 
D EX 1 0.1.99.6/32 [170/2560002816] via 10.1.36.6, 00:00:54, FastEthcrnctOT 
D*EX 0.0.0.0/0 [170/2560002816] via 10. 1.36.6, 00:00:54, FastEthernctO 1 

On j3 

R3#Pjng 10. 1.1 1.1 1 



Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echos to 10. 1. 11.11, timeout is 2 seconds: 

!!!!! 

Suceess rate is 100 percent (5/5), round-trip min/avg'max = 1/3/4 ms 
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Note the East side is complete, its time to configure the West path, once again the 
approach will be from the top of the topology to the bottom: the first step is to 
redistribute the static route into OSPF, as follows: 

On kl 



R I ( configure utcrospf I 

R! (config-roLitcr)#redistributc static subnets 

To verify tht 1 configuration: 

On K2 

R2#Show ip route ospf 

lO.O.O.O.'S is variably subnetted, 7 subnets, 2 masks 
(> K2 10.1.11.0/24 1 110/20] via 10.1.12.1, DO: 01:03, Fast Ethernet 0/1 
1 0.1.99. 1,32 [110/2] via 10.1.12.1, €0:01:03, FastEthcrnctOi 
10.1.99.3/32 [110,2] via 10.1.23.3, 06:46:40, Fast Ethernet 0/0 

Note the ping command to VLAN 11 will fail: this will be fixed in later steps. 

In the next step a mutual redistribution is configured between OSPF and Eigrp on 

R3: 

First Eiarp is redistributed into OSPF, Lis i'ottous: 

On K3 

R 3 [c o n figure u t cr o sp f I 

R 3 (co n fig-ro u t er)# red is tribu tc cigrp 1 sub nets 

To verify tht 1 configuration: 

On Rl 

Rl#Show ip route ospf 

1 0.0.0.0/8 is variably subnetted, 14 subnets, 2 masks 
O 1 A 1 0. L23.0'24 [ 1 1 .0/2] via 10.1. 12.2, 00:06:54, FastEthcrnctO/1 
O E2 10. 1.45.(1-24 [110/20] via 10.1.12.2,00:01:15, FastEthcrnctO/1 
O E2 10.1.36.0/24 [110,20] via 10.1.122,00:01:15, FastEthcrnctO'l 
O E2 10.1.56.W24 1 110/20] via 10.1.12.2,00:01:15, FastEthcrnctQ 1 
O 1A 10.2.99.2 32 [ 110/2] via 10.1. 12.2, 00:06:54, FastEthcrnctO 1 
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1 0. 1 . 9 Q. "* 321110 ">] via 10.1. P.\ 00:06:54, FastEthcrnctO/1 






LA 10.1.99.3.32 [110/3} via 10.1. 12.2, 00:06:54, FastEthcrnctO/1 










O E2 10. 1.99.4 /32 [11 0/20 1 via 10.1.12.2,00:01:15, FastEthcrnctO/1 










E2 10.1.99.5.32 1110/201 via 10.1.12.2,00:01:15, FastEthcrnctO/1 










() E2 10.1.99.632 1110/201 via 10.1.12.2,00:01:15, FastEthcrnctO/1 










Next, OSPF is redistributed into Eigrp: 










On R3 










R3(config)#Routcr eigrp 100 










EO(OOiifig-roiit<Hr)#pedistribiite ospf 1 metric 1 1 1 1 1 










To verify the configuration: 










On SW2 










SW2#SbDw ip route eigrp 










10.0.0.0/8 is variably suhncttcd, 13 subnets, 2 masks 










D EX 10.1.11.0/24 |l"70a5600005121 via 10.1.36.3, 00:01:49, Vlan36 










D EX i 0.1.12.0/24 [170,2560000512] via 10.1.36.3,00:01:49, Vlan36 










D E X 10.123 .0/24 [ 1 7 .25 600005 1 2] via 1 0.1 . 36 . 3 


00:0 1:49, Via n36 










D EX 10.1.45.0/24 [170/25600005 12] via 10.1.36.6 


00:18:42, Via n36 










D EX 10.1.56.0/24 [170/2560000512] via 10.1.36.6 


00:18:42, Via n36 










D EX 102.99.2 32 [170 .2560000512] via 10.1.36.3 


00:01:49, Via n36 










D EX 10.1.99.1/32 [170/2560000512] via 10.1.36.3 


00:01:49, Via n36 










D EX 1 0.1 .99.2/32 [170/2560000512] via 10.1.36.3 


00:0 1:49, Via n36 










D EX 10.1.99.3/32 [170/2560000512] via 10.1.36.3 


00:01:49, Via n36 










D EX 1 0.1.99.4/32 [170/2560000512] via 10.1.36.6 


00:18:42, Via n36 










D EX 10.1.99.5/32 [170/2560000512] via 10.1.36.6 


00:18:42, Via n36 










D EX 10.1.99.6/32 [170 2560000512] via 10.1.36.6 


00:18:42, Via n36 










D*EX 0.0.0.0/0 [170/2560000512] via 10. 1.36.6, 00:18:42, Vlan36 










Nate all the routes are there, the following verifies the path taken by 5W2 to VLAN 










11: 










SW2#Showip route 10.1.11.0 










Routing entry for 10.1.1 1.024 










Known via "eigrp 100", distance 170, metric 25600005 12, type external 










Redistributing via eigrp 1 00 










Last update from 10. 1 .36.3 on Vlan36, 00:03:48 ago 


i68 




cc 
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Routing Descriptor Blocks: 

* 10.136.3, from 10.1.36.3, 00:03:48 ago, via V Ian 36 

Route metric is 25600(H) 5 12. traffic sh are co Lint is 1 

Total delay is 20 microseconds, minimum bandwidth is 1 Kbit 

Reliability 1/255, minimum MTU 1 bytes 

Loading I 255. Hops I 

SW2 is receiving a specific mute from the West side and a default route from the 
East side, therefore, SW 2 prefers the path through the West side to VLAN 11. The 
following reveals this fact: 

On K6 

R6#Show ip route ospi' 

1 0.0.0. Q''8 is variably subnetted, 13 subnets, 2 masks 
LA I0.1.45.Q-24 [110/2] via 10.1.56.5, 00:55:33, FastEthcrnctO 
1A 1 0.1.99.4 32 [110/3] via 10.1.56.5, 00:55:33, FastEthcrnctO 
1 A 1 0. 1 .99.5 32 [110/2] via 10.1.56.5, 00:55:33, FastEthcrnctO 
0*N2 0.0.0.0.0 (110/11 via 10.1.56.5, 0: 55 : 33, F as tEt he rnet0/0 

On R3 

R3*Show ip route OSPF 

10.0.0.0/8 is variably subnetted, 13 subnets, 2 masks 
E2 10.1.11.0/24 J 1*1 0/201 via 10.1.23.2, 00:22:04, FaslElhernetO/0 
O 1 A 1 0.1.1 2.Q.'24 [ 1 10/2] via 10. 1 .23.2, 00:22:04, FastEthcrnctO/0 
1 A 1 0.2.99.232 [110/2] via 10.1.23.2, 00:22:04, FastEthcrnctO/0 
O 1 A 1 0. 1 .99. 1/32 [110/3] via 10.1.23.2, 00:22:04, FastEthcrnctO 
O 1A IOJ.99.2'32 [110/2] via 10.1.23.2, 00:22:04, FastEthcrnctO/0 

Note SW'2 takes the West path hecause ONLY a default route is given by R6 which 
was generated by R5 when the "NSSA" area was configured. There is no way to 
make R5 to send a more specific route to area 56, because R5 knows VLAN 11 as an 
LSA type 5, which is NEVER sent to a stub/NSSA area. 

There may be few ways to accomplish this task, the following is what will be 

configured: 

• On R5 remove the F0/0 interface from OSPF process 1 

■ Configure the F0' f interface of R5 in another OSPF process 

■ Redistribute between the new and the existing process 
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Note after the above configuration R6 should have V LAN 11 in its routing table. 

On R5 

R5 (co n fig)#ro liter o sp f 1 

R5(config-roiUcr)#No Nctw 10.1.56.5 0.0.0.0 area 56 
R5(cunfig-rontcr)#NO area 56 nssa default 
R5(config-routcr)#NO area 56 nssa 

Note the adjacency will be dropped. The next step is to add the interface in another 
OSPF process, as follows: 

R5(config)#routcr ospl* 2 

R5(config.routcr'»#Nctw 10. 1.56.5 0.0.0.0 area 56 
R5(config-routcr)#arca 56 nssa 

The last step is to redistribute between the two processes: 

R5(conf]g)r* router ospf 1 
R5(config-roLitcr)T*rcd is tribute OSPF 2 subnets 

R5(config)s router ospf 2 

R5(Config-ro Liter)?* red is tribute OSPF I subnets 

To verity the configuration: 

On K6 

R6#Show ip route ospf 

10.0.0.0/8 is variably subnetted, 13 subnets, 2 masks 
O N2 10.1.1 1.0/24 [1I0/20| via 10.1.56.5, 00:00:30, FastEthernetoVO 
O N2 10.1.45.Q-24 [110/1J via 10.1.56.5,00:00:30, FastEthcrnctO/0 
O N2 1 0. 1.99.4 32 [110/2] via 10.1.56.5, 00:00:30, FastEthernctO 
N2 1 0. 1.99.5 32 [1 10/1] via 10.1.56.5,00:00:30, FastEthernctO 

On K4 

R4*Show ip route 1 0.1.36.0 

Routing entry for 10.1.36.0/24 
Known via "ospf 1", distance 1 1 0, metric 20, type extern 2, forward metric 1 
Last update from 10. 1 .45.5 on FastEthernctO 1 , 00:02:32 ago 

Routing Descriptor B.ocks: 
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* 10.1.45.5, from 10.1.99.5, 00:02:32 ago* via FastElhemetO.i 

Route metric is 20, trail "k share count is 1 

Note the output of the above slum command reveals that R4 has reachability to 
YLAN 36. The last check should be the routing table of SVV2: 

SW2*Show ip route 10.1.11.0 

Routing entry tor 10. 1 .1 1.0/24 
Known via "cigrp 100", distance 170, metric 2560000512, type external 
Redistributing via cigrp 1 00 

Last update from 10.1.36.6 on VIan36. 00:04:28 ago 
Routing Descriptor Blocks: 
10. 1.36.6, from 10.1.36,6, 00:04:28 ago, via Vlan36 

Route metric is 25600005 12, traffic share count is 1 

Total delay is 20 microseconds, minimum bandwidth is 1 Kbit 

Reliability 1/255, minimum MTU 1 bytes 

Loading 1/255, Hops I 

* 10.1.36.3, from 10.1.36.3, 00:04:28 ago, via Vlan36 
Route metric is 2560000512, traffic share count is 1 

i The rest of the output is omitted) 

Note SVV2 has two routes to VLAN 1 1, one through R3 and the second one through 
R6, but the requirement of this task stated that SVY2 should take the East path as 
primary., therefore, the metric of the path must be manipulated uh en performing 
the redistribution of OSPF into Eigrp, as follows: 

On K6 

Note 143 and R6 are both redistributing OSPF into Eigrp using the same metric 
parameters (1111 1), in the following configuration, on R6, the bandwidth lor 
OSPF redistributed routes are increased to 100, which makes the composite metric 
redistributed by R3 less attractive, hence, R6 should be the ONLY route in the 
routing table of SW2: 

R6 (co n fig)#ro u tcr cigrp 1 00 

R6 (c o n fig -ro Liter)?* red is tribu te ospfl metric 100 I I I I 

To verify thi 1 configuration: 

On SW2 

SVvlffShow in route 10.1.1 1.0 
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Routing entry far 10.1.1 1 .Q'"24 
Known via "cigrp 100", distance 170, metric 25600512, type external 
Redistributing via cigrp 100 
Last update from 10. 1 .36.6 on Vlan36, 00:08:40 ago 
Routing Descriptor Blocks: 
* 10.1.36.6, from 10.1.36.6, 00:08:40 ago, via Vlan36 

Route metric is 256005 1 2, traffic share count is 1 

Total delay is 20 microseconds, minimum bandwidth is 100 Kbit 

Reliability 1/255, minimum MTU I bytes 

Loading 1/255, Hops I 

SW2#PiE£ 1 0.1. 11. 11 



Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echos to 10. 1. 1 1 . 1 L timeout is 2 seconds: 



Success rate is 100 percent (5/5), round-trip min/avg'max = 1/2/9 ms 

SW2*Traccroutc 10.1.11.11 

Type escape sequence to abort. 
Tracing the route to 10.1.11.11 

1 10.1.36.6 8 msec msec msec 

2 10.1.56.5 msec msec msec 

3 10.1.45.4 9 msec msec msec 

4 10.1.14.11 msec* msec 

Veri tying RS's reachability to VLAN 1 1 : 

On K5 

R5#PJHg 10.1.11.11 

Tjpe escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echos to 10. 1. 1 1 . 1 L timeout is 2 seconds: 


Success rate is 100 percent (5/5), round-trip min.'avg'max = L'2'4 ms 
R5#Traccroutc 10.1.1 1.1 1 



Type escape sequence to abort. 
Trac ing the route to 10.1.11.11 
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1 10.1.45.4 msec msec 4 msec 

2 10.1.14.110 msec * msec 

To very R2's reachability to VLA.N 11: 
On R2 

R2*Pina 10. 1.1 LI 1 



Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echos to 10. 1.11.1 1 r timeout is 2 seconds: 



Success rate is 100 percent (5/5), round-trip min/'avg'max = 1/2/4 ms 

R2rTraccroutc 10.1.1 1.11 

Type escape sequence to abort. 
Tracing the route to 1 0. 1.11.11 

1 10.1.1 2. 1 4 msec msec 4 msec 

2 10.1.14.11 4 msec* msec 

Note this router is taking the West path and needs to he changed. 
On R2 

R2*Show ip route 10. 1.11.11 

Routing entry for 10.1.1 1.0/24 
Known via '"ospf 1 ", distance 1 1 0, metric 20, type extern 2. forward metric 1 
Last update from 10. 1.12.1 on FastEthcrnctO'' 1 . 03: 14:17 ago 
Routing Descriptor B kicks: 

* 10.1.12.1, from 10.1.99.1, 03:14:17 ago, via FastEthernetO/l 
Route metric is 20 , traffic share count is 1 

On K3 

RZ^Show ip route 10. 1.1 1.0 

Routing entry for 10. 1 . 1 1 .Q/24 
Known via "ospf 1 ", distance 1 1 0, metric 20, type extern 2, forward metric 2 

Redistributing via cigrp 1 00 

Advertised by cigrp 100 metric Mill 
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Last update from 10.1.23.2 on FastEthernctO/0. 03:17:01 ago 
Routing Descriptor Blocks: 

* 10.1.23.2, from 10. 1.99.1, 03:17:01 ago, via FastElheraetft'O 

Route metric is 20, trail "k share count is 1 

Note R3 is receiving an update from its Eigrp neighbor with an Administrative 
distance of 170 (Because its external), and its also receiving the same route from 
OSPF: in this case this router will prefer the path through OSPF, because through 
OSFF it has an administrative distance of 1 10. 

In order to fix this problem the administrative distance of OSFF or Eigrp needs to 
be manipulated, the following solution manipulates the administrative distance of 
Eigrp external routes, as follows: 

R3(config)#routcr eigrp 1 00 

R3 icon fig -roLitcr)#di stance eigrp 90 109 

Notu if tli u administrative distance had to be manipulated h OSPF, the following 

command had to be used: 

On 112 

R3(config)#router ospf 1 
R3(config-router)i#distance ospf external 171 

To vL'ril'v the confteuration: 

On R3 

R3*Show ip route 10.1.11.0 

Routing entry lor 10.1.1 l.tt'24 
Known via "eigrp 100", distance 109, metric 25602816;, type externa] 
Red ist ri bu ti ng v ia o sp f 1 , c igrp 1 
Advertised by ospf 1 subnets 

Last update from 10.1.36.6 on FastEthcrnctOi, 00:10:05 ago 
Routing Descriptor Blocks: 

* 10.1.36.6, from 10.1.36.6, 00:10:05 ago s via Fast EthcrnctO/1 
Route metric is 2560281 6, traffic share count is 1 

Total delay is 110 microseconds, minimum bandwidth is 100 Kbit 
Reliability 1/255, minimum MTU 1 bytes 
Loading 1/255. Hops 1 

Note the output of the above command reveals that R3 is taking the correct path, 
the following show command reveals the routing table of R2: 
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On R2 

R2*Sho\v ip route 10.1.11.11 

Routing entry for 10. 1 . 1 1 .G''24 
Known via "ospf l'\ distance 1 10, metric 20, type extern 2, forward metric 1 
Last update from 10.123.3 on FastEthcrnctO' ()' 00:00:55 ago 
RouLriL" Descriptor Blocks: 
1 0. 1.23.3, from 1 0.1 .99.3, 00:00:55 ago, via FastEthcrnctQ.'O 
Route metric is 20, traffic share count is 1 

* 1 . 1 . 1 2 . 1 , fr o m 1 . 1 . 99 . 1 , 00:00 : 5 5 ago , v ia Fast E thcrnctO/ 1 

Route metric is 20, traffic share count is 1 

Note the output of the above command reveals that 112 has two paths to VLAN1 1, 

one through Rl and another through R3. The task states that this router should 

take the path through East side as primary and the path through the West side as 

backup. 

One way to accomplish this task is to inject the route into R2*s muting table as 

"El". In OSPF, El mutes are always preferred over E2. 

On K3 

R3(conf]g)£routcr ospf* I 

R3(config-routcr)#redistributc cigrp 100 subnets metric-type 1 

To verify the configuration: 
On K2 

R2*Show ip route 10.1.11.0 

Routing entry for 10.1.1 1.0/24 
Known via "ospf 1", distance 1 10, metric 21 , type extern I 
Last update from 10.1 23.3 on FastEthcrnctO 0, 00:01 :43 ago 
Routing Descriptor Blocks: 

* 10.1.23.3, from 10. 1.99.3, 00:01:43 ago, via FastE thcrnctO 

Route metric is 21, traffic share count is 1 

R2*Ping 10.1.1 1.11 

Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echos to 10. 1. 1 1 . 1 I. timeout is 2 seconds: 



Success rate is 100 percent (5/5), round-trip min. avg max =13 4 ms 
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R2*Traccroutc 10.1.1 1.1 1 

Type escape sequence to abort. 
Tracing the route to 10.1.11.11 

1 10.1.23.3 msec 4 msec msec 

2 10.1.36.6 msec 4 msec msec 

3 10.1.56.5 4 msec 4 msec msec 

4 10.1.45.4 msec 4 msec 4 msec 

5 I O.I.I 4.1 1 4 msec* msec 

Note R2 is now taking the East path to reach VLAN 1 1 . The last item in the task stated 
"ensure that the solution covers any broken reachability on this path". 

To tL'sl this uundilion. FO'l inlL'H'acL 1 of K5 is shuldou n. lis folio us: 
On R5 

R5(config)#int 10T 

R5 (con fig- if)#s hu tdo wn 

To verify the configuration: 

On H5 

R5#?iw 10. 1.1 LI 1 



Type escape sequence to abort. 

Sending 5, 100 -byte ICMP Echosto 10. 1. 1 1 . 1 L timeout is 2 seconds: 

Success rale fo[) percent ((1/5) 

R5*Traccroutc 10.1.11.11 

Type escape sequence to abort. 
Tracing the route to 10.1.11.11 

1 10.1.56.6 msec msec msec 

2 10.1.36.3 msec 4 msec msec 

3 10.1 .23.2 msec 4 msec 4 msec 

4 10.1.12.1 msec msec 4 msec 
c * * * 

6 * * * 
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Note Hit; path is correct, but why is it NOT working? 

To resolve this problem the routing table of SW1 is examined: 

SW'l#Show ip route static 

S* 0.0.0.0/0 [1/0] via 10.1.14.100 

The route is via the virtual IP address of HSRP, but remember that R4 is the active 
router and NOT Rl, therefore, the HSRP should be configured to change the active 
router to be Rl when and if any of the links along the East path is broken. 

To fix this problem: 

• An "object tracking" is configured 

• R4 should be configured to monitor the route to VLAN 36, if the route is 
NOT available through the East side, it should lower its priority by 2(1 such 
that Rl becomes the active router. 

On R4 

R4(config)r*traek J_ip route 10.1.36.0/24 reachability 

R4(config)#int ffl/0 

R4(config-if>standby 1 track I decrement 20 

Note you should get messages from HSRP stating that Rl is now the active router. 

To verify the configuration: 

On K4 

R4f*Sho\v standby brief 

P indicates configured to preempt. 

Interface Grp Prio P State Active Standby Virtual IP 

FaO/0 I 90 P Standby 1 0.1. 14. 1 local 10.1.14.100 

On K5 

RggPtog 10.1.1 1.1 1 
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Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echos to 10. 1.11.11. timeout is 2 seconds: 



Success rate is 100 percent (5/5), round-trip min/avg'max = 1/3/4 ms 

R5#Traccroutc 10.1.1 1.11 

Type escape sequence to abort. 
Tracing the route to 10.1.11.11 

1 10.1.56.64 msec msec msec 

2 1 0.1 .36.3 4 msec msec 4 msec 

3 10.1.23.2 4 msec msec msec 

4 10.1.12.1 4 msec 4 msec 4 msec 

5 I 0.1,1 4.1 I 4 msec* msec 

The las t test that needs to be conducted is to enable the F0/1 interface of R5 and test 
the reachability, as follows: 

On R5 

R5(config)#int ffl/1 
R5(config-if)rmo shut 

To verily the configuration: 



On R5 

R5*Ping 10.1.1 1.11 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 10. 1.11.11, timeout is2 seconds: 



Success rate is 100 percent (5/5), round- trip min/avg'max = l/2'4 ms 
R5*Traccroutc I 0.1.1 LI 1 



Type escape sequence to abort. 
Tracing the route to 10.1 . 1 1.1 1 

1 10.1.56.6 msec 4 msec msec 

2 10.1.36.3 4 msec 4 msec msec 

3 1 0. 1 .23.2 4 msec 4 msec msec 
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4 10.1.12.1 msec 4 msec 4 msec 

5 I 0.1. 1 4. 1 I msec* msec 

Note this router is still taking the West path. Note for R4 to reach VLAN II, It goes 

to 10.1.14.1 has fallows: 

R4*Ship route 10.1.11.0 

Routing entry for 10. 1.11 .0/24 
Known via "static", distance I . metric 
Redistributing via ospf 1 
Advertised by ospf I subnets 
Routing Descriptor Blocks: 

* 10.1.14.11 

Route metric is 0. traffic share count is 1 

On R5, the mute is redistributed via OSPF, but R5 receives a mute to VLAN 11 
from two different muting processes, as long as the path is equal, it will take the 
oldest route in its routing table. To fix this problem, R5 should be configured to 
always prefer OSPF process 1, as follows: 

R 5 (c o n fig)#ra u tcr o sp f 1 
R5(config-routcr)r*distance ospf external 109 

To verify the unit'iauration: 

On jgg 

R5*Sh ip route 10. 1.11.0 

Routing entry for 10. 1 . 1 1 .G''24 
Known via "ospf 1". distance 109, metric 20, type extern 2. forward metric 1 
Redistributing via ospf 2 
Advertised by ospf 2 subnets 

Last update from 10. 1 .45.4 on FastEthcrnctO 1 , 00:0 1:15 ago 
Routing Descriptor Blocks: 

* 10.1.45.4, from 10.1.99.4, 00:01:15 ago, via FaslElhemelO/l 

Route metric is 20 , traffic share count is 1 
R5#Traccroutc 10.1.11.11 

Type escape sequence to abort. 
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Tracing the route to 1 0. 1.11.11 

1 10.1.45.4 msec msec 4 msec 

2 10.1.14.11 4 msec* msec 



Task 2 

Erase the startup configuration and reload the routers before proceeding to the next lab. 
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VLAN13S 




fa 



VLAN 125 




a; 




10.1.24.0/24 




FQ/0 

VLAN1 




Lab Setup: 

■ Configure the rack according to the diagram. 

• Use the ] P addressing chart below for IP addressing scheme 

11 J addressing Chart: 



RouU'i" 


Interface / IP addressing 


Rl 


FU'O : 1 0.1. 125.1/24 
Ftl/1 : 10.1.135.1/24 
LoO: 10.1.99.1/32 


r: 


F0 0: 10.1.125.2 24 
F0/1 : 10.1.24.2'24 

LoO: 10.1.99.2 32 


R3 


ran : 10.1.135.3/24 

LoO i 10.1.99.3/32 


R4 


F0 1 : 10.1.24.4 24 
LoO: 10.1.99.4 32 


R5 


FO.'O : 10.1.125.5/24 
Fill : 10.1.135.5/24 
LoO: 10.1.99.5G2 
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Task 1 

Configure RIPv2 an FQ/1 interface of R2 and R4. 

Advertise R4's LoO interface in this routing protocol. R4 should advertise this loopback 
interface such that R2 sees this loopback interface in its routing table with a prefix-length 
of .'24 and a metric of 5. 



On R2 

R2(config)#routcr rip 
R2( config-routcr)f*no auto-summary 
R2( config-routcr)#vcrsion 2 
R2fcontig-routerJ#B«tworli 1 0.0.0.0 

On K4 

R4(config)iTmutLT rip 
R4(config-routcr)#no auto-s ummary 
R4( co n fi g -ro at cr)#vcrs k) n 2 
R4( con fig-ro ut cr )#nct wo r k 1 . . 0. 

To verify the configuration: 

On R2 

R2~Sh ip route rip 

10.0.0.0/8 is variably sub netted. 4 subnets. 2 masks 
R 10. 1.99.4/32 [120/1 J via 10.1 .24.4, 00:00:09, FastEthcrncUTl 

Note R4*s loopback interface has a prefix-length of 32 with a metric of 1, but the task 
requested a prefix-length of 24 and a metric of 5. 

This can be done in different ways, but in this solution an access-list, offset- list and mute 
summarization is used to accomplish this task: an access-list is configured to identify the 
network, an offset-list will offset the hop count by 4 so when R2 receives the route it will have 
it as 5 hops and a route summarization is used to change the mask. As follows: 

On K4 

R4(eonfig)#acccss-list _1_ permit host 10. 1 .99.4 

R4(contig, ^router rip 
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R4( con fig -ro ut cr)#o ftsct- li st j_ o Lit 4 

Note when configuring an offset -list, the number after the "offset-list" keyword references an 
access- list number, if a "o" is configured instead of an access-list number, the offset- list will 
apply to all networks that R4 advertises. In this task this offset-list should only apply to the 
iback of R4, therefore, an access-list is used to be more specific. 



To verify the configuration: 

On R2 

R2f*Show ip route rip 

10.0.0.0/8 is variably subnetted, 4 subnets. 2 masks 
R 10.1.99.4/32 11211/51 via 10.1.24.4,00:00:12, FastEthcrnctO 1 

Note the route has a metric of 5: the next step is to configure a summary route and summarize 
the route with a prefix-length of 24. 

On R4 

R4(config)#int FO/1 

R4i;contTg-if)^ip summary-address rip 10.1.99.0 255.255.255.0 

To verify the configuration: 

On R2 

R2rrShow ip route rip 

10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks 
R 10.1.99.0/24 [120/1| via 10.1.24.4, 00:00:15, FastEthcrnctO 1 
R 10. 1.99.4/32 1 120/5] via 10.1 .24.4,00:01 :37, FastEthcrnctO 1 " 1 

Note there are two routes, one with a prefix-length of 32 and the other with a prefix- length of 
24. If the "Show ip route rip" command is entered in rapid succession, you will note that the 
route with the prefix-length of 32 is not being refreshed and the route will go into ''Possibly 
Down" which means that the route is invalidated, as follows: 

R2#SjjOw ip route rip 

10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks 
R 1 0. 1 .99. 24 [ 120/1 J via 1 0. 1.24.4. 00:00: 1 1 . FastEthcrnctO 1 
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R 10. 1.99.4/32 1 120/5] via 10.1 .24.4, 00: 01:34 , Fast Ethernet*}/ 1 

R 2" Show ip route rip 

10.0.0.0. 8 is variably subnetted, 5 subnets, 2 masks 
R 1 0. 1 .99.0/24 [ 120/ 1 ] via 1 0. 1.24.4, (11:00 : 1 4, FastE thcrnctO. 1 
R 10.1.99.4 32 is possibly down, 

routing via 10.1.24.4, FastE thcrnctO-' 1 

On R2 

R2#5bow ip route rip 

10.0.0.0 8 is variably subncttcd,4 subnets, 2 masks 
R 1 0. 1 .99. Q.'24 [ 120/ 1 J via 1 0. 1 . 24.4, 00:00 : 1 5, FastE thcrnctO/ 1 

Note the route with a prefix-length of 32 is no longer in the routing table unci it is flushed out 
of the routing table. 

To summarize: 



By default, RIP sends updates every 30 seconds, that's why the timer for the route with 

a prefix- length of 24 was less then 30 seconds. It was getting refreshed every 30 

seconds. 

By default, RIP's invalidation timer is ISO seconds, that's why the "possibly down'" 

showed up in the routing table after about 3 minutes. 

By default, RIP's flush timer is 240 seconds, which is the total time it took to remove 

the route from the routing table. 



Task 2 

Configure E1GRP 100 on VLAN" 125. Advertise RL R2 and R5's LoO interlace in this 

routing protocol 



On Kl 



R 1 ( con fi g >* r O ut cr cigrp 1 
R I ( c o n fi g-ro ut cr)#no au 
RKcontig-routcr^Xctwork 10.1.99.1 0.0.0.0 
R 1 fco n fig-ro ut cr)#X ctwork 10.1.125.1 0. 0. 0. 
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On R2 










R2(config)#rcHitcr cigrp 100 
R2(contig-roLitcr)f*no an 












RZfcontig-routcr^Nctwork 10.1.99.2 0.0.0.0 
R2(config-rainer)»fctwork 10.1.1252 0.0.0.0 












On R5 












R5( con figure Liter cigrp 100 

R5( conilg-rout cr')f*no an 

R5(conlig-ro Liter ^Network 10.1.99.5 0.0.0.0 

R5(con tig-rout cr^Xctwork 10.1.125.5 0.0.0.0 












To verify the configuration: 












On Rl 












Rl#Show ip route cigrp 100 












10.0.0.0/8 is variably subnettcd, 5 subnets. 2 masks 
D 10. 1.99.2 32 [90.*409600| via 10. 1. 125.2, 0048:44, FastEthcrnctO/0 
D 10. I.99.S32 [90/409600] via 10. 1. 125.5, 00:02:09, FastEthcrnctO 












On R2 












R2f*Sho\v ip route cigrp 1 00 












10.0.0.0/8 is variably subnettcd, 6 subnets, 2 masks 
D 10. 1.99. 1/32 [90'409600] via 10. 1. 125. 1 , 00:04:3 1 , FastEthcrnctO/0 
D 10.1.99.5/32 [90/409600] via 10.1.125.5, 00:02:55, FastEthcrnctO/0 












On R5 












R SB Show ip route cigrp 100 












10. 0.0. 0/8 is variably subnettcd, 5 subnets, 2 masks 
D 10. 1.99. 1/32 [90/409600] via 10. 1. 125. 1 , 00:03:43, FasitEthcrnctO/0 
D 10.1.99.2''32 [90/409600] via 10.1.125.2, 00:08:41, FastEthcrnctO '0 
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Task 3 

Configure OSPF arcaO on VLAN 1 35; also include Rl . R3 and R5's Lot) interlace in this 
area. 



On Rl 

R If con fig)#ro utcr ospf 1 

Rlfcontig-roLitcr^Xctw 10.1.135.1 0.0.0.0 area 
Rli;config.routcr)*\ctw 10.1.99.1 0.0.0.0 area 

On R3 

R3(config)r*routcr ospf 1 

RZ^eonfig-routcr^Nctw 10.1.135.3 0.0.0.0 area 
R3i;conlig-routcrKXctw 10.1.99.3 0.0.0.0 area 

On R5 

R5( con tig )#ro utcr ospf 1 

R5i;con%-routcr)#Xctw 10.1.135.5 0.0.0.0 area 
R5ieonf]g-routcr^Nctw 10.1.99.5 0.0.0.0 area 

Note by now, all OSPF adjacencies should have come up, and a DR should be seen in the 
OSPF database with links to all routers in VLAN 135. 

To verify the configuration: 

On Rl 

Rl#Shojw ip ospf database Network b Attached 

Attached Router: 10.1.99.1 
Attached Router: 10.1.99.3 
Attached Router: 10.1.99.5 



Task 4 



Configure mutual redistribution on R2 between E1GRP and RIP. 
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Before performing the redistribution, the routing table of R4 should be checked: 

R4#Show ip route rip 

10.0.0.0/8 is variably sub netted, 4 Subnets, 2 masks 
R 10.1.99.2/32 [120/1| via 10.1.24.2,00:00:13, EthcrnetO I 
R 10. 1.125.0/24 1 120/11 via 10.124.2, 00:00:13, Ethernet*)/] 

The next step, redistributing Eigrp 100 into RIP muting domain: 

On R2 

R2(eoniig)#rautcr rip 
R2(config-roLitcr)n ! redistribute eigrp 100 metric 3 

To verify the configuration: 

On K4 Note the hop count is 1 

R4"Show ip route rip // ^r Note the hop is 3 as configured in the redistribution 

10.0.0.0/8 is variably subncjrfc"^ fi^ubnets, 2 masks 
R 10.1.99. 1/3 2 1 1 2 0/3 1 tia Ukl 24 . 2, : : 1 4 , Fa st Et h em et IV 1 
R 10.1.99.2/32 1 120/11^^10.1.24. 2, 00:00:14, Fast Ethernet 0/1 
R f 0.1.99.5/32 1 120/3] vft 10.1.24.2, 00:00:14, Fast Ethernet 0/1 
R 10.1.125.0/24 [120/1 fvia 10.1.24.2, 00:00:14, FastEthernetO/1 

Note networks 10.1.125.0 .'24 and 10.1.99.2 .32 have a hop count of 1, whereas, the other 
E1GRP routes have a hop count of 3. 

The reason is that RIP on R2 can only be configured to include classful networks, meaning the 
entire 10.0.0.0. RIP includes all interfaces whose classless IP address falls inside of 10.0.0.0 8 
network. Now what goes into the muting table is the best route, which is the route with the 
least number of hop counts. 

In the Next step, RIP is redistributed into Eim'p: 

On R2 

R2(eonfig)#rauter eigrp 100 

R2i con fig -rout cr)#rcdistributc rip metric I I I I I 

To verify the configuration: 
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On K5 

R 5" Show ip route eigrp 1 00 

10.0.0.0/8 is variably sub netted, 8 subnets, 2 masks 
D EX 10.1.24.0/24 1 170/2560025856] via 10.1.125.2,00:01:37, Fast Ethernet 0/0 
D EX 10.L99.flO4 1 170/2560025856] via 10.1.125.2, 00:01:37, FaslEthernelO'O 
D 10.1.99.1,32 [90409600J via 10.1.125.1,00:45:57, EtncrnctO/0 

D 10. 1.99.2 32 [90/409600 J via 10.1.125.2, 00:45:55, EthcrnctO/0 



Task 5 

Configure mutual redistribution between Eigrp and OSPFon R! and R5: ensure that the 
path from R3* LoO to R4's LoO is loop free and optimal. 



The first step, performing a mutual redistribution between OSPF and Eigrp on Rl and R5: 
On Kl 

R 1( con fig)#ro Liter ospf 1 

R 1 (config-ro Lit cr)r* redistribute eigrp 100 subnets 

Rlfeontigj-routcr eigrp 100 
Rlfeontig-routcr^redistribute ospf 1 metric 11111 

On K5 

R 5( eon fig )#ro Liter ospl" 1 

R5(eontig-ro Lit cr)r* redistribute eigrp 100 subnets 

R 5( con fig )#ra Liter eigrp 100 
R5('config-roLitcr)r*redistribute ospf 1 metric 11111 

>»ti-: 

From this point on, the routing tables on your lab/pod/rack might look different, as it is 

depended on the exact timing of your speed of entering the show /con figurations. Routes 
pointing to Rl might be pointing to R5 on your lab.' pod.' rack and vice versa. 
The muting table of R3 should be checked \uid the path towards R4"s LoO (10.1.99.4/32) 
should be traced. Remember that R4's LoO is summarized to 10.1.99.0/24. 
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To verify the configuration: 

On K3 

R3*Show ip route 1 0. 1 .99.0 

Routing entry for IO.L99.fV24 
Known Via "ospf 1", distance 1 1 0, metric 20. type extern 2, forward metric 1 
Last update from 10.1.135.1 on EthcrnctO I, 00:06:56 ago 
Routing Descriptor Blocks: 

* 10.1.135.1, from 10.1.99.1, 00:06:56 ago, via EthcrnctO/1 
Route metric is 20, traffic share count is 1 

From R3"s routing table reveals that the route was learned from OSPF, the route type is E2 
and the next-hop is Rl. 

You should "clear ip ospf proc'" on Rl, R3 and R5 before proceeding: 

On K3 

R3f*Sh ip ospf" neighbor 

Neighbor ID Pri State Dead Time Address Interface 

10.1.99.1 I FULL DR 00:00:39 10.1.135.1 FastEthcrnctOT 

10.1.99.5 I FL'LLBDR 00:00:39 10.1.135.5 FastEthcrnctaT 

R^Ping 10.1.99.4 source 10.1.99.3 

Type escape sequence to abort. 

Sending 5 r 100-bytc 1CMP Echos to I 0. 1.99.4, timeout is 2 seconds: 

Packet sent with a source address of I 0. 1 .99.3 



Success rate is percent ((1/5) 

NoIl 1 Hit; above ping command is NOT successful even though the local router has a valid 
route for the destination. 

The following examines the routing table of Rl for the destination, since R3"s first hop is 
Rl: 

On Kl 



Rl-Show in route 10.1.99.0 
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Routing entry for 10. 1.99.tt'24 
Known via "eigrp MM)", distance 170, metric 2560025816. type external 
Redistributing via cigrp 100, ospf 1 
Advertised by ospf 1 subnets 

Last update from 10. 1. 125.5 on FastEthcrnctO'O, 00:14:28 ago 
Routing Descriptor Blocks: 
10.1. .125.5, from 10.1.125.5, 00:14:28 ago, via FastEthcrnctO 

Route metric is 25600258 1 6, traffic share count is 1 
Total delay is 1010 microseconds, minimum bandwidth is 1 Kbit 
Reliability 1/255, minimum MTU 1 bytes 
Loading 1/255. Hops 1 
* 10.1.125.2, from 10. 1.125.2, 00:14:28 ago, via FastEthcrnctO 
Route metric is 256002581 6, traffic share count is 1 
Total delay is 1010 microseconds, minimum bandwidth is 1 Kbit 
Reliability 1/255, minimum MTU 1 bytes 
Loading 1/255;, Hops I 

Note from Rl's perspective/view there are two ways to get to 10.1.99.0 .'24, one via R2 and 
the other via R5 and both were learned from EIGRP. 

But Rl should only have R2 as the next hop for this destination, what happened? 
Always remember, when mutual redistribution is performed on multiple points, at best we 
will have a sub optimal route and at worst we will end up with a routing loop. Since RJ ean't 
ping R4's LoO even though the route is in it's routing table, this looks like a routing loop 

Before moving on, you should ask yourself "why did all ICMP requests from R3 fail?" Rl 
has two paths to 10.1.99.0/24, one through R2 which is a valid path and the other through 
R5 which is NSV (Not So Valid). I guess this is another TLA (Three Letter Acronym) that 
can be added to the list (just a joke). 

To \erify this, the CKF decision making on Rl is examined: 

On Rl 

(The output of the following show command is modified to OSL Y display the specific entry) 

Rl#Sbflw ip ccf 

Prefix Next Hop Interface 

1 0. 1 .99. 0/24 I 0. 1. 125.5 EthcrnctO 

10.1.125.2 EthcrnctO/0 

>"otethe output of the above command reveals that then; are two ways to get to 10.1.99.0 
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'24, let's he more specific, as follows: 

Rl*Show JB cef exact-route 10.1.99.3 10.1.99.4 

1 0. 1 .99. 3 -> 10.1.99.4 : EthcrnctO/0 f next hop 10.1.115.5) 

R1*Show ip cef exact-route 10.1.135.3 10.1.99.4 

10.1.135.3 -> 10. 1.99.4 : EthcrnctO (next hop 10.1.125.2) 

Even though CEF has two equal cost routes, it is choosing only one route per src-dst pair. 

Note the following reveals that if the Ping is sou reed from R3 and NOT the loophack 
interface of R3, it is successful: 

On 113 

RjgPjmg 10.1.99.4 

Type escape sequence to abort. 

Sending 5, 1 00-bytc ICMP Echos to 1 0. 1.99.4, timeout is 2 seconds: 



Success rate is 100 percent (5/5), round-trip min'avg/max = 4/4/4 ms 
lb see the reason fur the successful ping: 
On \U 

RlflShow ip cef exact-route 10. 1. 135.3 10.1.99.4 

10. 1 . 1 35. 3 -> 1 0. 1 .99.4 : FastEthcrnctG'O ( next hop 10.1.125.2) 

Note the output of the above command reveals that CEF has chosen R2 as its next hop 
towards 10. 1.99. 0/24. 

What conclusion should he made from this example? 

PING IS NOT ENOUGH TO TEST FOR ROTTING LOOPS 

lb verify the routing loops further: 

On K3 

R3f*Traccroutc 10.1.99.4 source 10.1.99.3 
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Type escape sequence to abort. 
Tracing the mute to 10.1.99.4 

1 10.1.135.1 20 msec 48 msec 20 msec 

2 10. L 125.5 20 msec 8 msec 28 msec 

3 10.1.135.1 24 msec 20 msec 20 msec 

4 10.1.125.5 20 msec 20 msec 48 msec 

5 10.1.135.1 16 msec 32 msec 36 msec 

6 10.1.125.5 32 msec 32 msec 88 msec 

7 10.1.135.1 36 msec 60 msec 28 msec 

8 10.1. 125.5 84 msec 20 msec 44 msec 

9 10.1.135.1 92 msec 76 msec 88 msec 
i i 0. i . 125.5 80 msec 72 msec 80 msec 

11 10. 1. 135.1 68 msec 52 msec 36 msec 

12 10.1.125.5 144 msec 76 msec 76 msec 

13 10.1.135.1 108 msec 68 msec 92 msec 

14 10.1.125.5 56 msec 108 msec 96 msec 
(The rest of the output is omitted) 

1 think this proves that we have a loop. 

Its time to find the culprit (if the routing loop. 

Lets examine R5's routing table towards 10.1.99.0/24: 

On R5 

RSsShow ip route 1 0. 1 .99.0 

Routing entry for 10. 1.99.024 
Known via "osp f 1 ", d istancc 1 1 0, metric 20, type extern 2. forward metric 10 
Redistributing via cigrp 100 
Advertised h\ e:i£rp 1 GG metric 1 1 1 1 1 
Last update from 10.1.135.1 on EthcrnctQ], 01:06:33 ago 
Routing Descriptor Blocks: 

* 10.1.135.1, from 10.1.99.1,01:06:33 ago, via EthcrnctO/1 
Route metric is 20, traffic share count is 1 

This doesn't look good at all. The route is learned from OSPF and the next hop is Rl 

Here is the flow of the events: 
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VLAN135 



R3 




Rl 



VLAN125 





EIGRP 



R2 



R4 



R5 






VLANB4 



At first R2 sent an EIGRP update with the 10.1.99.(1 24 network to Rl and R5. 

VLAN135 Rl VLAN125 




R2 



R4 





VLAN24 



Then Rl redistributed the route into OSPF. 

Now R5 has two routes to 10.1.99.(1' 24. One from OSPF and the other from EIGRP. R5 nil 
choose the route with the lowest administrative distance (AD). 

Here are R5's choices: 

• Via Rl OSPF with AD 110 

• Via R2 EIGRP with AD 170. 10.1.99.0 24 is an external EIGRP route, which was 
redistributed bv R2 from RIP. 

Since the route via OSPF has a lower AD, R5 will choose Rl as its next hop, via VLA.M35. 
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Now R5 redistribu 


tes the route from OSPF back to EIGRP. That's why Rl has a route to 










10.1.99.(124 from R5. 










Does this process happen in the same way for R 1? The answer is no. Rl will never get a 










10.1. 99.(1 24 route from OSPF, as R5 will never redistribute it from E1GRP to OSPF. This is 










because redistribution happens only for routes which are actually installed in the routing 










table, and 10.1.99.0/24 route is installed as OSPF route on R5 and not as E1GRP. (remember 










the exception for connected routes) 










How should we fix this? One way to fix this problem is to use the AD to our advantage. 










Since changing the AD of external ElGRProutes is not possible we will change the AD of 










OSPF routes. Here is the action plan for R5: 










• Configure ACL to match all routes originated in EIGRP. 










• Configure OSPF to raise the AD for mutes matching the ACL 










On R5 










First the ACL: 










R5(config)#acccss-list 1 permit 10.1.99. 1 










R5(config)r*acccss-list 1 permit 10.1.99.2 










R5( con fig ^access -list 1 permit 10.1.99.5 










R5(config)ffacccss-list 1 permit 10.1.99.0 










R5(config)r*acccss-list 1 permit 10.1.125.0 










Next, let's change the distance: 










R5(coniig)ffm Liter ospf 1 










R5( config.rout cr)*dist an ce 171 0.0.0.0 255.255.255.255 1 






cc 
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The above command sets the distance for all the routes identified in the access-list 1 to 171. 
Note "0.0.0.0 155.255.255.155'' uas used to indicate (Si at we don't care which router sends us 
the LSAs matching the ACL. 

To verify the configuration: 



On R5 

R5f*Sh ip route 10.1.99.0 

Ro uti ng entry for 10, 1 .9 9. 024 

Known via "cigrp 1", distance 170, metric 2560025816, type external 

Redistributing via cigrp I , ospl* I 

Advertised byospf 1 subnets 

Last update from 1 0. 1. 125. 1 on FastEthcrnctO. 0. 00:02:05 ago 

Routing Descriptor Blocks: 

* 10.1.125.2, from 10.1.125.2,00:02:05 ago, via FastEthcrnctOO 

Route metric is 25600258 16, traffic share count is 1 

Total delay is 1010 microseconds, minimum bandwidth is 1 Kbit 

Reliability 1/255, minimum MTU I bytes 

Loading 1/255, Hops 1 
1(1.1.125.1, from 10. 1 .125. 1, 00:02:05 ago, via FastEthcrnctO '0 

Route metric is 25600258 1 6, traffic share count is 1 

Total delay is 1010 microseconds, minimum bandwidth is 1 Kbit 

Reliability 1/255, minimum MTU 1 bytes 

Loading 1/255, Hops I 

The output of the above show command reveals that there are two routes and both of them 
are via E1GRP, which is much better then the OSPF route. 

To verify the configuration : 

On 1*3 

R3#Traccroutc 1 0. 1 .99.4 source 1 0. 1. 99.3 

Type escape sequence to abort. 
Tracing the route to 10.1.99.4 

1 10. 1. 135.5 4 msec msec 4 msec 

2 10. 1. 125.2 msec msec 4 msec 

3 10.1.24.4 4 msec* msec 

From R3's Loopback to R5, from R5 to R2 and from R2 to R4 
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R^Ping 10. 1.99.4 source 10.1.99.3 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to ID. 1.99.4, timeout is 2 seconds: 

Packet sent with a source address of 10.1.99.3 

Mill 

Success rate is 1(10 percent (5/5), round-trip min'avg'max = 1/3/4 ms 

The path 1'roni Rl. to the I.oophack interlace ol' R4 should also be checked, as 1'ollous: 

On Rl 



RlgSljJE route 10.1.99.0 

Ro ut i ng cnt ry to r 1 . . 1 . 9 9. 0/24 
Known via "ospf 1 ", distance 1 1 0, metric 20, type extern 2. forward metric 1 
Redistributing via cigrp 100 
Advertised by cigrp 1 00 metric 11111 

Last update from 1 0. 1. 135. 5 on FastEthcrnctO; 1 , 00: 1 1 : 14 ago 
Ro ut i ng Dcs c r ip t a r B loc k s: 

* ID. 1.135.5, from 10. 1.99.5, 0O:l 1:14 ago, viaFastEthcrnctO/1 
Route metric is 20, traffic share count is 1 

Now the opposite thing happens. R5 now has a route to 10. 1.99.0 in its routing table, marked 
as Eigrp mute and it is redistributing it into OSPF routing protocol. 



VLAN 135 



VL AN 1 25 




Note Rl receives the OSPF route and now Rl prefers the OSPF route since it has an Al) off 
110 versus E1GRP route from R2 with an AD of 170. 
Rl then redistributes the route from OSPF into E1GRP. 



CC1E R&«> by Narblk KucharianS Ad* anted CC1E R&S Wurk Book 2.0 

C 2009 Vnrhik kiithnrinru. All rights reserved 



Page 979 of 1068 



VLAN 135 



VLAN 125 




To fix this problem, AD is manipulated in the same manner as it was done on R5. 
QnRl: 

An access-list is configured matching the EIGRP routes: 

Rlfconfig^acccss-list 1 permit 10.1.99.2 
Rli;config)#acccss-list 1 permit 10.1.99.1 
Rl(config)#acccss-list 1 permit 10.1.99.0 
Rli;'coniig')#acc ess -list 1 permit 10.1.99.5 
Rlfconlig'^acccss-list 1 permit 10.1.125.0 

The AD is changed for the routes identified in access-list 1: 

Rl(eonfig-routcr)#distance 171 0.0.0. 255.255.255.255 1 

To verify the configuration: 

On Kl 



Rl#Shftw ip route 10.1.99.0 

Routing entry for U)A.99.&24 
Known via "cigrp 1", distance 170, metric 2560025856, t>pc externa] 
Redistributing via cigrp 1 , o spl' I 
Advertised by ospl* I subnets 

Last update from 1 0. L 125.2 on FastEthcrnctO 0, 00.01:20 ago 
Routing Descriptor Blocks: 

* 10.1.125.2, from 1(1.1.125.2, 00:01:20 ago, via FastEthcrnctO 
Route metric is 2560025856. traffic share count is 1 
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Total delay is 1010 microseconds, minimum bandwidth is 1 Kbit 

Reliability 1/255, minimum MTU 1 bytes 
Loading 1/255* Hops I 

The problem is fixed. 



task 6 

Erase the startup config of all routers and reload them before proceeding to the next lab. 
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Lab 1 - IP SLA 




l.al> Setup: 

> Configure the the Frame- relay connection in a Point-to -point manner. 

> Use the IP addressing chart below tor IP address assignment. 



IP HiKlrL'ssirm Chart; 



Router 


Interface ' IP ad dressing 


Rl 


SO. 0.12= [0.1.12.1 24 
SO/0. 13= 10.1.13.1 /24 


R2 


SO/0.21 = 111.1.12.2/24 
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Task 1 

Configure Rl and R2 so that they use UDP Echo packets to perform and determine the 
end-to-end response time. In this operation RI should send these packets and R2 should 
be configured to respond to the packets with a time-stamp such that Rl can calculate the 
round trip time. This test should be performed for 30 seconds. 



Using Cisco IP SLA, the performance of the network can he monitored: this can he performed 
without deploying a physical probe. A router can he configured to send a generated packet to the 
destination device and once the destination device receives this packet, the device will respond with 

time-stamp information for the source so the source can make the calculation on performance 

metric. 

The I I'M 5 Eclio operation measures end-to-end response time between ll Cisco router and devices 

using IP. 

In this task III should he configured as an IP SLA responder, a responder actually responds to 

Cisco IP SLA's request packets. 

On R2 

R2fconfig)#ip sla monitor responder 

To verify the confisjurntion: 
On R2 

R2^Sh ip sla monitor responder 

IP SLAs Responder is: Enabled 

Number of control message received: Number of errors: 

Recent sources: 

Recent error sources: 

Note the responder is enabled. 

Onkl 

R 1 (c o nfig)#l P SLA monitor 10 

Rlfconfig-sla-monitor^type udpEcho dest-ipaddr 10.1.12.2 dest-port 12000 
Rife o nfig- si a-mo ni to r- ud p )# fr eq u en e y 5 

Note the above commands configure a UDP ECHO to be sent to destination IP address of 10.1.12.2 
(R2) to UDP port number 12000 every 5 seconds. 

The following configures the scheduling parameters for the SLA operation to start immediately and 
continue for 30 seconds ONLY. Note the numeric value (TO) after the "IP SLA monitor schedule" 
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command should match the number configured in the "IP SLA monitor'" command above. 
Rl(config)#lPSLA monitor schedule 14) start-time now life 3(1 

To test the configuration: 



On R2 

R2"Show ip sla monitor rcspondcr 

IP SLAs Rcspondcr is: Enabled 

Number of control message received: 5 Number of errors: 

Recent sources: 

10. 1.12.1 [05:33: 1 9.6 1 1 UTC Tue Jan 1 5 2008! 
10.1.12.1 [05:33:14.61 1 L'TCTueJan 15 2008] 
10.1.12.1 [05:33:09.611 L'TCTueJan 15 2008; 
10.1.12.1 [05:33:04.61 I UTCTucJan 15 2008] 
10. 1 . 1 2. 1 [05:32:59.6 1 1 UTC Tue Jan 1 5 200 8 J 

Recent error sources: 



On kl 



Rl"Sh in sla monitor statistics 



The RTT time mav vary in your test. 



Round trip time (RTT) Index"! 

Latest RTT: 30 ms^ 
Latest operation start time: *05:27:24.176 LTC Men Jan 14 2008 
Latest operation return code: OK 
Number of successes: 6 
N u mb cr o f fai I urcs: 
pcration time to live: 



Task 2 

Reconfigure the previous task to send packets with 1500 Bytes in size; this router should 
keep the statistics for a period of one hour 
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Rl(config')#ip si a monitor 10 

Rl (conf1g-sla-monitor)"type udpEeho dest-ipaddr 10.1.12.2 dest-port 12 

Rl (config-sla-monitor-udp)"frcc]ucncy 5 

Rl (config-sla-monitor-udp)? ! request-dats-size' 1500 

Rl (conflg-sla-rmnitor-udp^hours-of-statistics-kept 1 

Note the "request -data- size'' command can he used to set the packet size and the 
"hours-of-statistics-kept 1" command specifies that the stats should he kept lor an 
hour ONLY. 

Lastly the scheduling is invoked as follows: 

R](eonfig)#lP SLA monitor schedule 10 start-time now life 30 

To verify the configuration: 

On Rl 

Rlf*Sh ip sla monitor statistics 

Round trip time (RTT) Index 10 

Latest RTT: 773 ms 
Latest operation start time: *06:04:34.600 LTC Mon Jan 14 2008 
Latest operation return code: OK 
Number of successes: 6 
N u mb cr o f f ai lu r es: 
Operation time to live: 

Note the packet size was increased to 1500 bytes therefore, the RTT was affected, 
once again remember that your RTT may vary. 

To verify the configuration: 
On Rl 



RlffShow ip sla monitor configuration 

SA Agent. Infrastructure Engine-]] 

Entry number: 10 

Owner: 

Tag: 

Type of operation to perform: udpEcho 

Target address: 10.1.12.2 
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Source address: 0.0.0.0 

Target port: 12000 

Source port: 

Request size (ARR data portion): 1500 

Operation timeout (milliseconds): 5000 

Type Of Service parameters: 0x0 

Verify data: No 

Data pattern: 

Vrf Name: 

Control Packets: enabled 

Operation frequency (seconds): 5 

Next Scheduled Start Time: Start Time already passed 

Group Scheduled : FALSE 

Life (seconds): 30 

Entry Ageout (seconds): never 

Recurring (Starting Everyday): FALSE 

Status of entry (SN'MP RowStatus): Active 

Threshold (milliseconds): 5000 

Number oi statistic hours kept: 1 

Number of Statistic distribution buckets kept: I 

Statistic distribution interval (milliseconds): 20 

Enhanced History: 

Number of history Lives kept: 

Number of history Buckets kept: 15 

History Filter Type: None 



Task 3 

Configure R3 to measure the response time taken to perform a TCP Connect operation 
between R3 and RLR3 should be configured to generate TCP Connect messages, 
whereas. Rl should be configured such that it enhances the accuracy of the connection 
response time. 



This task can he accomplished by configuring the IP SI.AsTCP Connect operation, 
this operation is used to measure the response time taken to perform a TCP connect 
operation. To enhance the accuracy of the response time Rl should be configured as 
an IP SLA res ponder. 

On Rl 



Rl iconfigteip sla monitor respondei 
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On R3 

R3(config)#ip sla monitor 30 

R3(config-s la- monitor)* type TcpConnect dest-ipaddr 10.1.13.1 dest-port 23 

R3 (c o n fig-s la- mo n i to r- ten )# t im eo u t 1 00 

R 3 (con fig-s la- mo n i to r- ten )# fr eq u en c y 5 

R3(config)#ip sla monitor schedule 30 life forever start-time now 
To verify the configuration: 

On Rl 

RlftSh ip sla monitor rcsp 

IP SLA Monitor Rcspondcr is: Enabled 

Number of contra I message received: 22 Number of errors: 

Recent sources: 

10.1.13.3 [10:58:38.052 LTC Sat Jan 3 2009] 

1 0. 1 . 13.3 [10:58:33.052 LTC Sat Jan 3 2009! 

10.1.13.3 [10:58:28.052 LTC Sat Jan 3 20091 

10.1.13.3 [10:58:23.052 LTC Sat Jan 3 2009J 

10.1.13.3 [10:58:1 8.055 LTC Sat Jan 3 20091 
Recent crrar sources: 

On R3 

R 3ft Show ip sla roonito statistics 

Round trip time (RTT) Index 30 

Latest RTT: 36 ms 
Latest operation start time: *1 6:27:28. 141 LTC Tuc Apr 1 6 2002 
Latest operation return code: OK 
Number of successes: 34 
N u mb cr o f fai lu r es: 
Operation time to live: Forever 



Task 4 

Erase the startup conlig and reload the routers before proceeding to the next lab. 
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Lab -2 
Reliable Static Routing using IP SLA 



I oC 



LqO 




200.1. 12.0/24 



Lab Setup 



The frame-relay connection on Rl and R2 shou Id be configured directly under the 
physical interlace. 

The FO/0 interface of Rl and R2 should be configured in VLAN 12 

Run OSPF Area on all interlaces of Rl and R2, Loopback interfaces should be 
advertised using their correct mask. 

L'sc the IP addressing chart below for IP addressing assignment 



IP addressing Chart: 



Router 


Interfaee / IP addressing 


Rl 


SO. =10.1.12.1 '24 
FO/0 = 200. 1.12. 1/24 
Lo0= 1. 1. I.I 8 


R2 


S()/0 = 10.1.12.2/24 
FO/0 = 200.1.12.2/24 

LoO = 2.2.2.2 91 
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Task 1 

Configure two static routes on RI to reach R2's loopback. The configuration should be 
such that if RTs frame-relay connection to R2 is reliably working, it should be the 
preferred path, but ifRl cannot reach R2 through the frame- relay cloud, Rl should take 
the path through its FO/0. EX) NOT use EEK, backup interface,, or PPP to accomplish this 
task. 



To accomplish this task two floating static routes are configured as follows: 
On Rl 

Rl(config)#ip route 2.0.0.0 255.0.0.0 10.1.12.2 50 
R]i;config)#ip route 2.0.0.0 255.0.0.0 200.1.12.2 100 

To verify the configuration: 

On Rl 

Rl^Show ip route B Gate 

Gateway of last resort is not set 

C 1 . . . 0/8 i s d i rec t h/ co n n cc ted , Loo p b ac kO 

S 2.0.0.0/8 |50/01 via 10.1.12.2 

C 200. 1. 12.0/24 is directly connected, FastEthcrnctO 

10. 0.0. 0/24 is subnet ted, 1 subnets 
C 10. 1 .12.0 is d ircctly connected, ScrialO/0 

To test the configuration: 

On R2 

To test this configuration, S0/0 interface of R2 is Shutdow n and the routing table of Rl is 
cheeked, then, a Ping is generated from Rl: 

R2(config)fr]nt SO/'O 
R2i;config-ii>Shutdou n 

On Rl 



Rl#Show ip route B Gate 
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Gateway of last resort is not set 

C 1 .0.0.0/8 is directly connected, LoopbackO 

S 2.0.0.(1/8 ISO/01 via 10.1.12.2 

C 200. 1. 12.0124 is directly connected, FastEt hcmctO 

10.0.0.0/24 is subnet ted, I subnets 
C 10. 1 .12.0 is directly connected. ScrialO/O 

On kl 



Ri#Ping 2.2.2.2 

Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echo s to 2.2.2_2 S timeout is 2 seconds: 

Success rate is percent (0/5) 

Note (his configuration did NOT accomplish the requirements of this task, because 
shutingdown the SO'O interface of R2 did NOT effect Rl at ALL. 

IP SLA ICMP ECHO can he used to monitor end-to-end response time between a Cisco 
router and another IP device, in this case, another Cisco router. 

In the following configuration Rl is configured to generate "IpIcmpEcho" messages to the 
destination IP address of 10.1.12.2, the source IP address of these messages is set to 
10.1.12.1. The timeout keyword specifies the amount of time an IP SLA operation waits 
for a response from its request packets. In this case the timeout is set to 500 milliseconds. 
The "frequency" keyword sets the rate at which the specified IP SLAs operation h 
repeated. 

On kl 



R 1 (config# ip sla monitor 1 

RI(config-sla-monitor)*type echo protocol ipIcmpEcho 10.1.12.2 source-ipaddr 10.1.12.1 

R I (co n fig-s la- mo n i to r- cc ho ) # t im eo u t 500 

Rl (co n fig-s la- mo ni to r-cc ho )£ frequency 3 

The above configuration is NOT enough for the router to generate the messages specified 
in the configuration, therefore, the router needs to be configured to start the above 
configuration operation. 

The following configuration stalls IP SLA operation 1, immediately with a life of the 
operation in this case set to forever. 

Rlfconfig^ip sla monitor schedule 1 start-time now life forever 
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In the second last step of this configuration, the state oi'IPSL.A operation is tracked for 
reachability: 

Rl(config)#track 2 i tr 1 reachabilit\ 

The last step of this configuration, object tracking 2 is assigned to the primary static 

route: 

Rl(config)#\0 ip route 2.0.0.0 255.0.0.0 10.1.12.2 50 

Rlfconfig^ip route 2.0.0.0 255.0.0.0 10.1.12.2 50 track 2 
Rl(config)*ip route 2.0.0.0 255.0.0.0 200.1.12.2 100 

Enable S0/0 interface of 112: 

On R2 

R2(config)#int SO. 
R2(config-if)#\0 Shutdown 

To verify the confhjuration: 
On Kl 

Rl#Show track 2 

Track 2 y> 

Response Time Rep orUifl reachability 
Reachability is Up 

I changes, last change 00:00:04 
Latest operation return code: OK 
Latest RTT (millisces) 39 
Tracked by: 
ST.AT1C-1P-ROL TING 

Note the rtr 1 is configured based on reachability, and the last operation >vas suecessful 
with a RTT of 39 ms. 

Rl#Show ip route I b Gateway 

Gateway of last resort is not set 

C 1 .0.0. Q''8 is directly connected;, LoophackO 

S 2.0,0.0/8 150/01 via 10.1.12.2 
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C 200. 1.12. 24 is directly con ncctcd, FastEt hcmctO 

10.0.0.0/24 is subnetted, 1 subnets 
C 10. 1 .12.0 is directly connected, ScrialO/0 

Sine the frame-relay link is up and network 2.0.0.0 /8 is reachable through the frame-relay 
cloud, its chosen as the best route. 

Rl*Ping 2.2.2.2 

Type escape sequence to abort. 

Sending 5, 100 -byte! CMP Echosto 2.2.2.2 r timeout is 2 seconds: 



Success rate is 100 percent (5/5), round-trip min/avg'max = 56/61/76 ms 
To test thi' configuration: 

On R2 

To test the configuration, the S0/0 interface of R2 is shut do*vn, as follows: 

R2(config)#int SO/0 

R2 (con fig- ii> S hu t do « n 

Note the shutting down the S0/0 (The Frame-relay) interface of R2 did not effect the 
Sen a KM interface of Rl: 



On kl 



Rl#Sh ip intbr | Inc Scrial0/0_ 

SeriaKM 10.1.12.1 YES manual up 

1 o test the operation of I P SLA/tracking: 

On kl 



Rl-Shtrack2 

Track 2 
Response Time Reporter 1 reachability 
Reachability is Down 

3 changes, last change 00:09: 1 9 
Latest operation return code: Timeout 
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Tracked by. 
STAT1C-1P-ROLTINC3 

Note htiL'iiiiSL 1 reachability is down (The IP SLA operation can NOT send IpIcmpEcho to 
10.1.12.2), the static route to netuork 2.0.0.0 .'8 with an administrative distance of 50 is 
removed and the static route with an Administrative distance of 100 is injected into the 
routing tahle. 

R I ft S h w i p r nt c b G at cway 

Gateway of last resort is not set 

/ Note the nest hop IP address changed 
C 1 .0.0.0/8 is directly connected. Loop'backO 
S 2.0.0.0/8 |100/01 via 2011.1.12.2 
C 200. 1. 12.G/24 is directly connected, FastEt hcmctO 

10.0.0.0.24 is subnetted, I subnets 
C 1 0. 1 . 1 2.0 is d ircctly connected, ScrialO/0 

Note the following Traceroute & Ping command reveals that the reachability is now 
through the Fast Ethernet interface. 

Rl#traccroutc 2.2.2.2 

Type escape sequence to abort. 
Tracing the route to 2.2.2.2 

1 200.1.12.2 20 msec * 48 msec 

Rl^Ping 2.2.2.2 

Type escape sequence to abort. 

Sending 5, 100-bytclCMP Echosto 2. 2. 2.2 r timeout is 2 seconds: 



Success rate is 100 percent (5/5), round- trip min.'avg'max = 1/2/4 ms 

Note because of the floating static route and the IP SLA configuration, if the SO/0 
interface of R2 is brought back up, the track 2 reachability will be UP, therefore, the 
primary static route will be injected back into the routing table and the backup static 
route will be removed. 

To test the configuration: 
On R2 
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R2(co nilgai rat SO/0 
R2icon%-it>N() shut 

On kl 

Rl^Ship route line 2.0.0.0 

S 2.0.0.0/8 [50/0] via 10.1.12.2 

Rlggbg 2.2.2.2 

Type escape sequence to abort. 

Sending 5 S 100-bytc ICMP Echos to 2.2.2.2, timeout is 2 seconds: 

(MM 

Success rate is 100 percent (5/5), round- trip min.'avg'max = 1/2/4 ms 



Task 2 

Erase the startup configuration and reload the routers before proceeding to the next lab. 
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Lab -3 
Reliable Conditional Default Route Injection Using 

IP SLA 



LcO 




Lab Setup: 



The frame-relay connection on Rl and R2 should he configured directly under the 
physical interlace. 

The FO'O interface of R2 and R3 should be configured in VLAN 23 

Use the IP addressing chart below for IP addressing assignment 



ll J aikltTssing Chart: 



Router 


Interface / IP ud dressing 


R] 


SO = 1 ill. 12.1 24 


R2 


S0/0 = 10.1.12.2/24 
F0/0 = 10.1.23.2/24 


R3 


F0.0 = 10. 1.23.3 24 
LoO = 3333/24 
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Task I 

Configure R]Pv2 on the link that between Rl to R2 and OSPF area between R2 and R3. 
R3 should run OSPF on all of it's directly connected interfaces. 



On Rl & R2 

( config-ifjnfra Liter rip 
(confjg-routcr)#no auto 
(config-router)#ver 2 
(config-routcr^nct 1 0. 0.0.0 

On R2 

R2 (con fig )#ro utcr rip 

R2 ( co n fig-ro li t cr )#p ass ivc- i ntcrtkc c F0. 

R2(config)#routcr ospf I 
R2i;config-roLUcr)#nctw 10.1.23.2 0.0.0.0 area 

On R3 

R3 (co n fig )f#ro u t cr o sp f 1 
R3i;config-roLitcr)#nctw 3.3.3.3 0.0.0.0 area 
R3(config-roLitcr)#nctw 10.1.23.3 0.0.0.0 area 

To verify the configuration: 
On R2 

R2#Show ip route ospf Inc Q 

3.3.3.3 [ 1 10/1 1 J via 10.1 .23.3, 00:07:02, FastEthcrnctO.O 

On Rl 

Rl#Show ip route rip 1 Inc R 

R I ft 1 .23.0 [ 120/1 J via 10. 1. 12.2, 00:00:26, ScrialO/0 
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Task 2 

Configure R2 to advertise a default route into OSPF routing domain. The default route 
should ONLY be injected if R2 and Rl have reachability through the frame-relay cloud. 
You arc NOT allowed to use static route or IP SLA to accomplish this task. 



Since the use of IF SLA and static route is prohibited, PFF is used to accomplish this 
task: when configuring PPP on any link, a host route is injected, there-fare, the host 
route can be identified by an access-list, and the access-list is referenced in the route- 
map, and finaly the route-map is referenced by "default-information originate" router 
configuration command, as fallows: 

Step 1: 

The fallowing configures PPP on Frame- relay: 

On Rl and \U 

RZiconfig^int SO/0 
R2(config-ii>NO ip addr 

On Rl 



Rliconfig^lnt virtual-template 12 
Rlfconfig-itVipaddr 10. 1. 12.1 255.255.255.0 

Rli;config-ii>IntSO/0 

R I i'conf]g-jf)#frame-relav interiace-dlei 1(92 ppp virtual-template 12 

On R2 

R2(con%)*lnt virtu a I- temp I ate 21 

R2(config-ii>ip addr 1 0.1.1 22 255255.255.0 

R2i;config-it>Int SO/0 

R2(config-if)#franie-relay interface-dlci 201 ppp virtual-template 21 

To verify the configuration: 

On Rl 

Note the output of the following Show command reveals the host route that is injected 
bv PPP: 
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Rl#Sjj ip route bag C 

Codes: C - connected, S - Sialic, R- RIP, M - mobile, B - BGP 
C 1 0. 1 . 1 2.2' 32 is directly connected, Virtual- Ace css2 
C 1 0. 1 . 1 2 .0/24 is directly co n nee ted , V irtual- Ac c css2 

On R2 

R2?*Sh ip route Inc C 

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP 
C 10. 1 .12.1/32 is directly connected, Virtual- Ac ccss2 
C 10. 1 . 12.0/24 is directly connected, Virtual- Ac ccss2 
C 10. 1 23.0/24 is directly connected, FastEtbernctO/0 

Note the two routers aire exchanging routes: 
On Kl 

Rl#Shfl ip route rip 

IO.O.O.Q'8 is variably subletted, 3 subnets, 2 masks 
R 1 D. 1 23.0/24 1 120/1 J via 10. 1. 12.2, 00:00:25, VirtLial-Acccss2 

Step 2: 

An access-list is configured to reference the host mute generated by PPP: 

R2(con fig )*aeeess -list 1 permit host 10.1.12.1 

Step 3: 

A route- map is configured to reference the access-list: 

R2(config)#routc-map TST permit 10 
R2 (con fig-route- map) rematch ip addr I 

Step 4: 

In this final step a "default- in for mat ion originate" is configured referencing the route- 
map: 

R2 (co n fig-ro u t c- map )# ro u t cr o sp f 1 
R2(config-roLitcr)#default-informalion originate route-map TST 

To verity tht 1 configuration: 
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On K3 

R3#Show ip route ospf 1 jjjC 

()*E2 0.0.0.0/0 1 110/11 via 10.1.23.2, 00:00:51, FaslElhernelO/0 

To test the configuration: 

Note once Rl 's SO/0 goes down, the host route is removed and the condition of the 
route-map TST is no longer true, therefore, the default route is removed. 

Rl(config)#intS0/0 
Rliconfig-ityShut 

On K3 

R3sShow ip route ospf Inc 
R3# 

To test this condition further: 

On Kl 

Rl(config)#intSO/0 
R 1 (con fig- ify*No shut 

On K3 

R3f*Show ip route ospf 1 lnc 

Q*E2 0.0.0.0/0 1110/11 via 10.1.23.2, 00:00:08, FasiEthernetO/0 



Task 3 

Re-configure R2 to advertise a default route into OSPF routing domain. The ■default mute 
should ONLY be injected if R2 and Rl have reachability through the frame-relay cloud. 
You should use IP SLA to accomplish this task. 



On R2 
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Step one: 

The access-list, route-map and the default- in formation originate commands are 

removed: 

R2(config)#\0 access-list 1 
R2{oonfig)#N() route-map TST 

R2 (co n fig)#ro u tcr o sp f 1 

R2(config-rontcr)#\0 default -in form at ion originate 

Configuring IP SLA to generate IP 1CMP Echo messages, the timeout and frequency 
can he set to any value: 

R2(config)#ip sla monitor 10 

R2i'config-sla-monitor)T*type echo protocol ipicmpEcho 10.1.12.1 souree-ipaddr 10.1.12.2 

R2(config-sla-monitor-ccho)ntimeout 250 

R2(c:cmt1g-5la-munitor- echo '^frequency 5 

Note even though the IP SLA is configured, it won't start unless its configured to do so: 
when starting the operation, the start-time and life of these messages are defined: 

R2(config)rrip sla monitor schedule 10 start-time now life forever 

The IP SLA operation is tracked in track 2 for reachability: 

R2 (co nfig)# track 2 rtr 10 reachability 

Since the track is referenced in the following default route, if the IP SLA operation fails, 
track 2 will go down and the default route is removed. Remember, in order to initiate a 
default route in OSPF, the local router must have a default route or else it won't 
generate a default route: 

R2(config)*ip route 0.0.0.0 0.0.0.0 nullO track 2 

R2(con.fig)#routcr ospf 1 

R2(config-roLitcr)r* default- in form at ion originate 

To verify the configuration: 

On R3 

R3#Show ip route ospf 

Q»E2 O.O.O.O.-'O [110 1 ; via 10. 1.23.2, 00:1 7:38, FastEthcrnctO 
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To test the configuration: 

On Rl 

R-"Sho\v track 2 

Track 2 
Response Time Reporter 10 reachability 
Reach ability is Up 

2 changes, last change 00:00:09 
Latest operation return code: OK 
Latest RTT (mil Usees} 36 
Tracked by: 

STATIC-IP-ROUTING 

Note reachability is UP, therefore, the default mute should be present in R3's muting 
table: 

On R3 

R 3* Show ip route ospt" 

0*E,2 0.0.0.0/0 [110/1 J via 10.123.2, 00:02:06 , FastE thcrnctO/O 

To test till is configuration: 

1. SerialQ/0 interface of Rl is Shutdown. 

2. The state of track 2 is checked on R2, the state must be Down. 

3. The routing table of R3 is checked, it should NOT have a default route. 

4. SerialO.'O interface of Rl is enabled. 

5. The state of track 2 is checked on R2, the state must be UP. 

6. The routing table of R3 is checked, it should have a default route. 

Step one: 
On Rl 

Rl(config)#lnt SO/11 
Rlfconfig-ii>Shut 

Step Two: 

On R2 

CC1E R& S bj Narbik Kutharians Advanced COE R&S Work Book 2.0 Page 1 002 of 1068 

C 2049 Narbik. Kiichnrinni. All righta reirrvtii 



RZsShow track 2 

Trac k 2 
Response Time Reporter 10 reachability 
Reachability is Down 

4 changes, last change 00:04:25 
Latest operation return code: Timeout 
Tracked by: 

STAT1C-IP-ROUTING0 

Step Three: 
On K3 

R3r*Show ip route ospf 
R3S 

Step Four: 

On Kl 

Rl(config)#]ntSO/0 
Rli;config-it>\oshut 

Step Five: 

R2*Show track 2 

Track 2 
Response Time Reporter 10 reachability 
Reachability is Up 

5 changes, last change 00:00:22 
Latest operation return code: OK 
Latest RTT (millisccs) 35 
Tracked by: 

STATIC-IP-ROUTING 

Step Six: 

R3f*Sho\v ip route ospf 

Q*E2 Q.O.O.Q/0 [110/1] via 10.1.23.2, 00:01:1 1, FastEthcrnctO'O 
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Task 4 

Configure R2 to advertise a default route into RlPv2 routing domain. The default route 
should ONLY be injected if R2 has reachability to R3 through the switched connection. 
You should use IP SLA to accomplish this task. 



Note R2 will NOT be aware if the FO/0 interface of R3 goes down, therefore, if the FO/0 
interface of R3 is donn, the FO/0 interface of R2 t^ill remain in UP LP state. 

To configure this injection of default route reliably, onee again, the IP SLA operation is 
configured like the previous tasks, but the difference in this configuration is the 
folio wing: 

A fake static route is created so it can be utilized to accomplish this task, this static route 
can be for any network, this netuork does NOT exist: this static mute is tracked by the 

IP SLA operation and referenced in a route-map, the route-map is referenced in the 
"default-information originate" router configuration command, therefore, if R2 fails to 
reach R3's FO/0 IP address through the IP SLA operation, this static route is removed, if 
the static route is removed the condition of the route-map 'will NOT be true, therefore, 
the default route is removed. 

On R2 

The following creates a fake static route, in this case 3.333 /32 IP address is chosen: 

R2(config)#ip route 3.3.3.3 255.255.255.255 nullO 

The following access-list is created to identify the fake static route: 

Rlfconfig^access-list 1 permit host 3.333 

A route-map is configured and access-list 1 is referenced: 

R2 (co n fig )#ro utc- map TSI permit 10 

R2 (eon fig-route- map. 'in match ip address 1 

The following configuration instructs the router to inject a default route ONLY if the 
condition of the route-map is true: the condition of the route-map can only be true if 
33.3.3 .'32 exists: 

R 2 1 c o n fig)r#ro u tcr rip 

R2(config-routcr)ndefault-infoiTnalion originate route-map 1ST 

To verify the configuration: 
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On kl 

Note the default route is injected: 

Rl#Shgw ip route rip lnc R 

R 1 0. 1 .23.0 [ 120/1 J via 10. 1. 12.2, 00:00:0 1 , ScrialO 
R* O.O.O.O/O [120/1] via 10. L122, 00:OO30 1 , ScrialO.. 

'l'» test the configuration: 

On K3 

The FO/0 interface of R3 is Shutdown: 

R3(ccmfig)#int (D/0 

R3i;config-it>Shut 

Note even though the FO/O interface of R3 is in shutdown mode, the default route is still 
injected, as follows: 

Rl#Sh ip route rip lnc R 

R 10. 1.23.0 [12 0/ 1 J v ia 1 . 1 . 1 2 .2 , 00:00 : 17, Scr ialO/0 
R* 0.0.0.(M [120 1 J via 10.1.122, 00:00:17, ScrialO/0 

To inject a reliable default mute, an IP SLA Monitor is configured to track the 
reachability of R3*s F0/0 interface, this is called a reliable conditional default gateway 
injection, as follows: 

R2(config)rrip sla monitor 10 

R2(eonfig-sla-monitor)#type echo protocol IpIcmpFcho 10.1.23.3 source-ipaddr 10.1.23.2 

R2(confjg-sla-monitor-LTho, ^timeout 250 

R2 1 c o n fig-s la- mo n i to r- cc ho ) " freq uen cy 3 

R2(eonfig)sip sla monitor schedule 1 start-time now life forever 

R2(config)#trackl rtr 10. reachability 

The following command tracks the static route created earlier: 

R2(oonfigJ#NO ip route 3.3.3.3 255.255.255.255 null II 

R2(config)tfip route 3.3.3.3 255.255.255.255 null II track 1 
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The FD/O interface of R3 is re-enabled: 

R3(config)#int fO/0 

R3(config-if)*#NO Shut 

To verify the configuration: 

On R2 

R2*Sh track 

Track 10 
Response Time Reporter 1 reachability 
Reachability is Up 

2 changes, last change 00:00:06 
Latest operation return code: OK 
Latest RTT (millisccs) 1 
Tracked by: 

STATIC-IP-ROUTING 

R l^Show ip route rip Inc R 

R 10. 1.23.0 [120/1] via 10.1.122, 00:00: 16, ScrialOO 
R * B: D. 0. 0/ [ 1 2 0/ 1 J v ia 10 . 1. 1 2 .2 , 00 :00 : 1 6 , ScrialO.'O 

1 o test the configuration: 

The following is how the test will be conducted: 

■ F0/0 interface of R3 is shutdown. 

• A "Debug Track'" on R2 and "Debug ip iemp'" on R3 is configured. 

• The routing table of Rl is checked: if the configuration was performed properly, 
R2 should remove the fake static route to 3.333/32, once this happens, the 
condition of the route-map (IS If is no longer true, therefore, the default route is 
removed and it will NOT be in the muting table of Rl. 

• The Ffl/0 interface of R3 is enabled (No Shut), if the Configuration was performed 
properly, R2 should inject the default mute back into RIP routing domain. 

On R2 

Oj Debug track 

On K3 
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R3#Dcbug ip icmp 

The interface is shutdown: 

R3(config)#int FO 
R3 (con fig- it> shut 

Note on R2 you should re-ceiie th e i'o I lowing messages: 

00:46:04.507: Track: 1 Change # I rtr I, reachability Up->Down 
00:46:04.51 I: %TRACKlNG-5-STATE: 1 rtr 1 reachability lp->DoMn 

The routing table of III is verified: 

On Rl 

Rl#Sho\v ip route rip Inc R 

R 10. 1.23.0 [120/1 J via 10.1.122,00:00:09, ScrialO.'O 

The output of the above command reveals that Rl no longer has the default route in its 
routing table. 

The Ffl/O interface of R3 is brought back up: 

On R3 

R3(config)#int fl)/0 
R3(eonfig-ii>No Shut 

On R2 

You should receive the following message: 

11:37:24.972: Track: 1 Change #2 rtr 10, reachability Do\m->lp 

R2#Slj track 

Track 10 
Response Time Reporter 1 reachability 
Reachability is I. p 
2 changes, last change 00:02:29 
Latest operation return code: OK 
Latest RTT I'millisccs) 1 
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Tracked by: 
STAT1C-1P-ROLT1NC3 

The routing table of Rl is checked: 

Rl^sh ap route rip Inc R 

R 10.1.23.0 [ 120/1 J via 10.1.122,00:00:16, ScrialO/O 
R* 0.0.0.0/0 [120/1 J via 10.1.12.2,00:00:16, ScrialO/0 

Note the default route is in Hit.* mutiny table of Rl. This may take feu seconds. 



Task 5 

Erase the startup configuration and reload the routers before proceeding to the next lab. 
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<* in HSRP U 


sing 


IP SLA 


1 





l.al> Setup: 

■ Configure the routers connected to the frame-relay cloud in a hub and spoke 
manner. 

■ Router Rl should be configured to be the hub and routers R2 and R3 should be 

con loured lis the spokes. 

• Rl should be configured directly under the physical interface and it should be 
configured with two frame-relay mappings, one to R2 and the second one to R3. 

■ R2 and R3 should be configured directly under their physical interface and they 
should each be configured with a single frame- relay mapping to the hub. 
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■ The FQ interlace of R2, R3 and R4 should be configured in VL AN* 234. 
• Use the following IP addressing chart for IP address assignment. 
P addressing Chart: 



Router 


Interface IP addressing 


Rl 


90/0 = 10.1.123.1 24 


R2 


SO 0= 10.1.1212 (24 

F0/0 = 10.1.234.2/24 


R3 


S0/0= 10.1.123.3/24 
F0/0 = 10.1.234.3/24 


R4 


Ftt'0 = 10.1.234.4/24 



I ask I 

Configure HSRP on R2 and R3 using the following requirements: 

■ R2 should be configured as the active router, whereas, router R3 should be 
configured as the Standby router 

• Preemption should be enabled 

- The HSRP IP address should be 10.1.234.100 /24 



On R2 

R2i;config)#iiit f0/0 
R2(config-il>staiidby 1 ip 10.1.234. ll 
RZfconfig-ilVstandby 1 priority 110 
R2 (con fig- if)?* stand by 1 preempt 

On K3 

R3i;config'^iiit f0/0 
R3(config-il>standby 1 ip 10. 1.234.1 1 
R3(config-if)r* stand by 1 preempt 

1 o verify the coniinuratiim: 



CCIE R& S by Narbik Kochariami Advanced CCIE R&S Work Book 10 

C 2009 \'arl>ik Kucha riant. All righti reserved 



Paget 01 Oof 1068 



On K3 

R 3* Show standby 

FastEthcrnctO - Group I 
State is Standby 

1 state c h angc, last state C h angc : 00 : 2 
Virtual IP address is 10. 1 .234. 1IKI 
Active virtual MAC address is G000.0e07.ac0 I 

Local virtual MAC address is0000.0c07.ac01 (vl dcikult) 
Hello time 3 sec, hold time 10 sec 

Next hello sent in 0.107 sees 
Preemption enabled 

Active router is 10. 1.234.2 S priority 1 10 (expires in 7.596 sec) 
Standby router is local 
Priority 100 (dcikult 100) 
IP redundancy name is^hsqi-FaO/O-l'" (default) 

On R2 

R2*Show standbv 



FastEthcrnctO - Group 1 
State is Active 

2 state changes, last state change 00:03:59 
Virtual IP address is HU.234.I0fl 
Active virtual MAC address is 0000.0e07.ac0 I 

Local virtual MAC address is0000.0c07.ac01 (vl dcikult) 
Hello time 3 sec, hold time 1 sec 

Next hello sent in 0.664 sees 
Preemption enabled 
Active router is local 

Standby muter is 10.1.234.3, priority 100 (expires in 7.171 see' 
Pri o ri ty 1 1 ( co n fig u re d 110) 
IP redundancy name is'"hsrp-FaO/0-]'" (default) 
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Task 2 

Configure a default gateway on R4 pointing to the HSRP's IP address. Provide NLRI 
using RlPv2 on all routers. 



On Rl. R2and R3 

(config^routcr rip 
(config-routcr)^no au 
(eonfig-routcr)#ver 2 
( config-routcrj^nctwork 1 0. 0. 0.0 

On R4 

R4(config)#ip route 0.0.0.0 0.0.0.0 10.1.234.100 
In verify the configuration: 

On R4 

R4*Show ip route i b Gateway 

Gateway of last resort is 10.1.234. 100 to network 0.0.0.0 

1 0.0.0. 0/24 issubnetted, 2 subnets 
R 10. 1.123.0 [ 120/1 J via 1 0. 1 .234.3, 00:00: 1 I , FastEthcrnetO.O 
1 120/1 J via 10.1.234.2, 00:00:23, FastEthcrnctO'O 
C 10. 1.234.0 is directly connected, FastEthcrnctO/0 
S* 0.0.0.0/0 [ 1/0] via 10. 1.234. 100 

On Rl 



Rl#Shgw ip route b Gateway 

Gateway of last resort is not set 

1 0.0.0.0/24 is subletted, 2 subnets 
C 1 0. 1 . 1 23. is directly connected, SerialO/0 
R 10. 12340 [120/1] via 10.1. 123.3, 00:00:09, SerialQ/0 
[ 120/1] via 10. 1. 123.2, 00:00:24, ScrialO 



CCIE R& «> bv Narbik Ku^hariflnS Advanced CCIE R&S \\ ork Buuk 2.0 Page 1012 of 1068 

C 2009 Xarbik kiidinruni. All rijlilj reserved 



Task 3 

Configure R2 and R3 Id keep track of their Frame-relay connection to Rl. This 
configuration must check end-to-end connectivity;, and if R2 Jails to reach R! 's Frame- 
relay interface. R3 should become the active router. 



IF SLA monitor can he used in conjunction willi flSRP. An SLA monitor is configured 
for testing end-to-end reachability: a track object is configured and tied to SLA 
monitor. The "track" keyword is used in HSRP to call the tracked object. When 
connectivity is broken between Rl and R2, the status of the tracked object goes down 
and HSRP decrements the priority by the configured value, in this case 5(1 and since 
the preemption is configured, R3 will generate a Coup message and because it will 
have a higher priority (TOO) it will become the active router. 

On R2 

R2(config)**ip sla monitor 1(1 

R2iconfig-sla-monitor)T*type echo protocol IpIcmpEcho 10.1.123.1 source-interface SO/0 

R2(config-sla-monitor-ccho)r*timeout 500 

R2(eonfig-sla-monitor-ccho)**frequency 5 

R2(eonfig)#lp SLA monitor schedule 10 start-time now life forever 

R2i con fig')** track 1 rtr 1 reachability 

R2i;config)#Int F0/0 

R2(config-if)#standby 1 track 1 decrement 511 

On K3 

R3(config)**1p sla monitor 3D 

R3(config-sla-monitor)T*type echo protocol IpIcmpEcho 10.1.123.1 source-interface SO.'O 
R3(eonfig-sla-momtor-ccho')**timeout 500 
R 3 i c o n fig-s la- mo n i to r-cc ho )** fr eq uen c y 5 

R3(config)nIp sla monitor schedule 30 start-time now life forever 

R 3 (con fig)" track 1 rtr 30 reachability 

R3i;config)#int flWQ 

R3(config-if)r*standby 1 track 1 decrement 511 

To verify the ennt'teuration: 
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On R2 

R2f*Show standby 

FastEthcrnctO/0 - Group I 
State is Active 

7 state changes, last state change 00:03:57 
Virtual IP address is 10. 1 .234. 1IKI 
Active virtual MAC address is 0000.0c07.ac0! 

Local virtual MAC address is0000.0c07.ac01 (vl default) 
Hello time 3 sec, hold time 10 sec 

Next hello sent in 2.279 sees 
Preemption enabled 
Active router is local 

Standby muter is 10.1.234.3, priority 100 (expires in 7.167 sec) 
Priority 110 (configured 110) 

Track object 1 state Up decrement 50 
IP redundancy name is'"hsrp-Fa0 0-1" (default) 

R 23 Show ip sla monitor statistics 

Round trap timc(RTT) Index 1 

Latest RTT: 40 ms 
Latest operation start time: *07:2 8:30. 475 L'TC Sat Apr 13 2002 
Latest operation return code: OK 
Number of successes: 50 
N" umber of failures: 
Operation time to live: Forever 

On K3 

R3#Show standby 

FastEthcrnetO - Group 1 
Si Li I l' is Standby 

7 state changes, last state change 00:07:21 
Virtual IP address is 10.1.234.100 
Active virtual MAC address is 0000.0e07.ac0 1 

Local virtual MAC address is0000.0c07.ac01 (vl default) 
Hello time 3 sec, hold time 10 sec 

Next hello sent in 0.035 sees 
Preemption enabled 

Active muter is 10.1.234.2, priority 110 (expires in 9.142 sec) 
Standbv muter is local 
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Priority 100 (default 100) 

Truck object 1 state Up decrement 50 
IP redundancy name is ""hsrp-FaO.'O- 1 ™ (default) 

R3f*Show ip si a monitor statistics 

Round trip time (RTT) Index 1 

Latest RTT:4() ms 
Latest operation start time: *12:08: 14.903 LTC Fri Apr 12 2002 
Latest operation return code: OK 
Number of successes: SI 
Number of failures: 
Operation time to live: Forever 

To test thi' configuration: 

On K2 

R2(config)#int sO/0 
R2lconfig-if>Shut 

You should get the following messages stating that R2 is now in Standby state: 

%HSRP-6-STATECHANGE:FastEthcmct<W Grp 1 state Active -> Speak 
%HSRP-6-S TATE CHANGE : FastEthcrnctO/0 Grp 1 state Speak -> Standby 

To verify the configuration: 

On R2 

R2*Sho\v standbv 



FastEthcrnctO'O - Group I 
State is Standbv 

9 state changes, last state change 00:01:59 
Virtual IP address is 10.1.234.100 
Active virtual MAC address is 0000.0c07.ac0 I 

Local virtual MAC address is0000.0c07.ac01 (vl default) 
Hello time 3 sec, hold time 10 sec 

Next hello sent in 0.347 sees 
Preemption enabled 

Active router is 10.1.234.3, priority 100 (expires in 9.351 sec) 
Standbv router is local 
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Priority 60 (configured 110) 

Track object 1 state Down decrement 50 
IP redundancy name i$ n hsip-FaO/0-l" (default) 

R2*Show track 

Track I 
Response Time Reporter 1 reachability 
Reach ability is Down 

5 changes, last change 00:03:03 
Latest operation return code: Timeout 
Tracked by: 

HSRP FastEthcrnctO-'O 1 

On K3 

RJ#Show standby 

Fast Ethernet 0/0 - Group I 
State is Active 

8 state changes, last state change 00:02:31 
Virtual IP address is 10. 1.234.1 0(1 
Active virtual MAC address is 0000.0c07.ac0 1 

Local virtual MAC address is0000.0c07.ac01 (vl default) 
Hello time 3 sec, hold time 1 sec 

Next hello sent in 1.253 sees 
Preemption enabled 
Active router is local 

Standby muter is 10.1.234.2, priority 60 (expires in 9.247 sec) 
Priority 100 (default 100) 

Track object 1 state Up decrement 50 
IP redundancy name is'"hsrp-FaO/0-T" (default) 

To test the configuration further: 

On K4 

R4*Ping 10.1.123.1 

Type escape sequence to abort. 

Sending 5, 100-byte 1CMP Echos to 10. 1. 123. 1, timeout is 2 seconds: 



Sueeess rate is SO percent (4/5), round-trip min.'avg.'ma\ = 56/57/61 ms 
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On R2 

R2(conf.g-if)#int sO/0 
R2(config-if>mo shut 

You should receive (he following message stating that III is once again the active 
router: 

%HSRP-6-STATECHA\GE: FastFthernetO Grp 1 state Standby -> Active 

To test the configuration: 

On K4 

R4^Ping 10. 1.123.1 



Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echosto 10.1. 123. 1, timeout is 2 seconds: 

Success rate is 8(1 percent (4/5), round -trip rnin/avg/rnax = 56/58/60 ms 

Note R4 can successfully Ping Rl's Frame-relay interface using the default route that 
is pointing to the HSRFs IP address ofl 0.1.234. 100 

R2"Sho\v standbv 



Fast Ethernet 0/0 - Group 1 
SI Lite is Active 

10 state changes, last state change 00:02:23 
Virtual IP address is 10.1.234.100 
Active virtual MAC address is O000.0c07.ac0 1 

Local virtual MAC address is0000.0c07.ac01 (vl default) 
Hello time 3 sec, hold time 10 sec 

Next hello sent in 0.156 sees 
Preemption enabled 
Active muter is local 

Standby muter is 10.1.234.3, priority 100 (expires in 8.153 sec) 
Priority 1 10 (configured 110) 

Track object 1 state Up decrement 50 
IP redundancy name is'^sm-FaO/O-l" (default) 

R2#Show track 

Track I 
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Response Time Reporter 1 reachability 
Reachability is Up 

6 changes, last change 00:04:59 
Latest operation rut urn code: OK 
Latest RTT (millisccs) 40 
Tracked by: 

HSRP Fas IE t he rnu 1(1/(1 1 

On K3 

R3f*Show standby 

FastEthcrnctO - Group I 
Statu is Standby 

10 state changes, last state change 00:06:07 
Virtual IP address is 1(1.1.234.1(1(1 
Active virtual MAC address is 0000.0c07.ac0 I 

Local virtual MAC address is0000.0c07.ac01 (vl default) 
Hello time 3 sec, hold time 1 sec 

Xcxt hello sent in 1.718 sees 
Preemption enabled 

Active muter is 1(1.1.234.2, priority 1 1(1 (expires in 7.709 sec) 
Standby router is local 
Priority KM (default 1(1(1) 

Track object 1 state Up decrement 5(1 
IP redundancy name i4 ,1 hsrp-Fa(I.'(l-l" (default) 

R3f*Show track 

Track I 
Response Time Reporter 1 reachability 
Reachability is Up 

6 changes, last change 00:23:42 
Latest op urn (ion return code: OK 
Latest RTT (millisccs) 39 
Tracked by. 

HSRP Fas IE t heme 1(1/ (1 1 



Task 4 

Erase the startup configuration and reload the routers before proceeding to the next lab. 
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[.alt Setup: 

■ Configure the FO/1 interface of Rl and R2 in Vlan 100 

■ Con figu r c the F 0' in tcriace o f R2 s R3 and R4 in V Ian 20 

• Configure the FO I interface of R3, R4 and R5 in Vlan 300 

• Use the lb Ho wing 1 P addressing c hart: 



\V at ddres sin a chart: 



Router 


Interlace/ IP addressing 


Rl 


FG'l -10.1.12.1 .'24 
LoO- I.I. I.I 24 
Lol - 11.1.1.1 24 


R2 


FQ 1 -10.1.12.2/24 
FO-'O- 10.1.234.2 

LoO -2.2.2.2 ,'24 


R3 


F0 0- 10.1.234.3 24 
F0 1 - 10. I.I 00.3 -'24 


R4 


F0/0- 10.1.234.4 '24 
F«'l -10.1.100.4 '24 


R5 


FO'l -10.1.100.5 '24 
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Task 1 

Configure OSPF area on RL R2 r and on FO/0 and Ffl'l interlace of R3 and R4. Ensure 
that all loop back interfaces are advertised with their correct mask. 



On Rl 


R 1 (config-if)#int loO 

Rl (config-if)#ip ospf net point-to-point 


Rlfconfig-if^intlol 

R 1 ( c Q n fig- if )#i p o sp f net po in t -to - no i nt 


R 1 (config)#routcr ospf 1 
Rlfconfig-roLUcD^netw 10. 1.12.1 0.0.0.0 arc 
Rl (config-roLitcr^nctw I . I . I . I 0.0.0. arc 
Rl (config-roLitcr)#nct\v 11.1.1.1 0.0.0.0 arc 


On R2 


R2fconfig-if)#int loO 

R2 (con fig- if)#ip o sp f net po in t-to -po i nt 


R2 (con fig- if )#ro utcr ospf 1 
R2(config-routcr)#nct\v 1 0. 1.12.2 0.0.0.0 arc 
R2(config.router)#nctw 10. 1.234.2 0.0.0.0 arc 
R2(config-roLitcr)#nctw 2X22 0.0.0.0 arc 


On R3 


R3 (con fig- if )#ro utcr ospf 1 
R3(config.routcr)#nctw 10. 1.234.3 0.0.0.0 are 
R3(config-roLUcr)#nctw 10.1. 100.3 0.0.0.0 arc 


On R4 


R4 (con fig- if )#ro utcr ospf 1 
R4(config-roLUcr)*nctw 10. 1.234.4 0.0.0.0 arc 
R4(config-routcr)r*nct\v 1 0. 1. 100.4 0.0.0.0 are 


To verify the configuration: 


On R4 
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R4~Sho\v ip route ospf Inc 

1 . 1 . 1 .0 L 1 10/2 1 J via 1 0. 1 .234.2, 00:00:46, FastEthcrnctO/0 
2.22.0 [1 10/1 1 J via 10.1.234.2, 00:00:46, FastEthcrnetO 
10.1.1 2.0 [110/20] via 10. 1 .234.2, 00:00:46, FastE thcrnctO 
I 1 . 1 . 1 .0 [ 1 1 0/2 1 J via 10. 1 . 234.2, 00:00:46, FastEthcractO 






Task 2 

Configure HSRP on FO/1 interface of R3 and R4 using the lb Mowing policy: 

The Virtual IP address- 10.1.100.100 
R3 should be the active router 
R4 should be the standby router 

R.4 shuLi.d beanre the Liet:\e muter ONLY A'R} :s do v. n 

R5 should use the active router to reach the networks behind R3 and. or R4 






On R3 

R3(config)#intF0/l 

R3(config-if)#standby 1 ip 10.1.100.100 
R3(config-if)#standby 1 priority 1 10 
R3(config-if)#standby 1 preempt 

On R4 

R4(config)#intFQ.'l 

R4 (co n fig- if ^standby 1 ip 1 . 1 . 1 00 . 1 

R4(config-if)#standby 1 preempt 

To verity the configuration: 

On R3 

R3#Show standbv brief 

P indicates configured to preempt. 

Interface Grp Prio P State Active Slundb\ Virtual IP 
FaO.I 1 110 P Active local la 1.100.4 10. 1. 100.100 
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On R4 








R4#Show standby brief 

P indicates conligured to 


preempt. 




Interface Grp Prio P State Active Standby 
FaO.i 1 100 P Standby 10.1.100.3 local 


Virtual IP 
10. 1.1 00. 100 


In tt'st the to n tig ura ti 


on: 






On R3 








R3(config)#irjtFfl."l 
R3(config-ii>Shut 








Note R3 is down and the output of the following slum 
became the active router: 


command reveals that R4 


R4#Show standbv brief 

P indicates conligured to 


preempt. 




Interface Grp Prio P State Active 
FaO/1 1 100 P Active local 


Standby 
unknown 


Virtual IP 
10.1.100.100 


On R3 








R3{config)#mtF(yi 

R3(config-if)#no shut 








Note when R3 comes up, i 
the standby router: 


t becomes 


the active router and R4 once again becomes 


On R3 








R3#Show standbv brief 








P indicates configured to 


preempt. 




Interface Cirp Prio P State Active 
FaO/1 1 110 P Active local 


Stiindb) 
1O.1.10O.4 


Virtual IP 
10. 1.100. 100 


On R4 
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R4#Show standbv brief 




P indicates configured to preempt. 




Interface Grp Prio P State Active Standby 


Virtual IP 


FaO.'l 1 109 P Standby 10.1.100.3 local 


I 0.1.1 00.100 


The following configures a static default mute to prov 


ide NLRI to R5: 


On K5 




R5(config)#ip route 0.0.0.0 0.0.0.0 10.1.100.100 





Task 3 

Configure the HSRP routers such that when the FO/0 interlace of R3 is down, HSRP is 
notified after 60 seconds, and R4 becomes the active router; and when R3's F0 
interface comes back up, HSRP is notified after 2 minutes and R3 resumes the active 
role. The interface should be polled every 2 seconds lor this task. 



This task requires the configuration of Enhanced Object Tracking. Before this 

feature was introduced, HSRP had a simple tracking mechanism that 

permitted the tracking of a gi\en interlace. The Enhanced Object Tracking 

feature ean be used to create a separates tracking process that can be used by 

other Cisco IOS processes as well as HSRP. 

HSRP, YRRP, GLBP and/or IP SLA can be considered as client processes, and 

these processes can register their interest in tracking objects and be notified 

when and if the tracked object changes state. 

In Enhanced Object Tracking, the tracking process periodically polls the 

tracked objects in order to detect changes: by default this is done every second 

and this timer can be changed by using the " Track timer interface seconds" 

global configuration command. 

The changes are communicated to the registered client, either immediately or 

after a configured delay; using the " delay up seconds " or "delay down 

sl-l on its " command in track sub-configuration mode. 

In this task the tracking process is configured to track the line-protocol state of 

an interface. 

On R3 

The following command specifies the interval in which the tracking process 

polls the tracked objects: this task requires a poll interval of 2 seconds: 
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R3(config Struck timer interface 2 

The following command tracks, the line-protocol state of FO'O interface of R3 
and enters the tracking configuration mode: 

R3 (con fig )#t rack 1 interface FO/0 line-protocol 

The following commands specify a period of time in seconds to delay 
communicating state changes of a tracked object, the first command instructs 
the object tracking process to wait for 60 seconds before communicating the 
DOWN state of the tracked object and the second command instructs the 
object tracking process to waits for 2 minutes before communicating the UP 
state of the same tracked object: 

R 3 ico n fig-t rac k )#d clay do wn 6 
R3(config-track)Mclay up 120 

To verify the configuration: 

On R3 
R3#Show track I 



Track I 
I ntcrfac c E t hern c ttl'O li nc- p ro to co 1 
Line protocol is Up 

3 changes, last change 00:05:04 
Delay up 120 sees, down 60 sees 
Tracked by: 

HSRP F astEt hern eta- 1 I 

To test the configuration: 



On K3 

R3#d*B track 

R3(config)#int FO'O 
R3(config-if>Shut 



Note the interface \>ent down 00:17:41 



Note OSPF transitioned from F ILL state to down state, because interface was 
shutdown:, 

00:17:41^)63: %OSPF-5-ADJCHG: Process L Nbr 2.2.2.2 on Etl . : 
Fl.'LL to DOWN". Neighbor Down: Interface down or detached 
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00:1 .7:41.97 1: HOSPF-5-ADJCHG: Process 1, Nbr 10.1.234.4 on Fast Ethernet 
from FULL to DOWN, Neighbor Down: Interface down or detached 

The following states that the interface changed state to administratively down: 
00:17:43,951: %UNK-5 -CHANG ED: Interface FastEthcrnctO'O, changed state to 

administratively down Note it took one minute for the process to 
communicate the 

state change 
00:17:44.951: %0NE PROTO-S-UPDOWN: Line protocol on Interface 
FastEthcrnctp/tf, changed state to down 

00:1 8:41 : Track: 1 Down change delay expired 

00:18:41: Track: 1 Changed interface FaOU line-protocol I p->Dimn 

00:18:41.955: %TRACKlNG-5-STATE: 1 interface FaO line-protocol Lp- 

>Doun 

Note the following reveals that HSRP transitioned the F0.T interface of R3 
from Active -^ to Speak -^ standhy: 

00:18:42.371: %HSRP-5-STATECHANGE: Fas tEt hern et0/l Grp 1 state Active. 

> Speak 

00:1 8:52.371 : %HSRP-5-STATECHANGE: Fas tEt hern etO/1 Grp 1 slate Speak ■ 

> Standby 

To test the second condition: 



In this test the FO.'O interface of R3 is brought back up: 

Note the interface came up at 00:20:47 



R3(config)#int F0/0 
R3(config-if)#no shut 



The interface lUHifes up: 

00:20:47.427T%L]NK-3-L:PDO\YN: Interlace Fas tEthcrnctQVO, changed state to up 
0020:48327: %LINEPROTO-5-UPD0WN; Line protocol on Interface 
FastEthcrnctO. 0, changed state to up 

OSPF reestablishes the adjacency and transitions into FULL state: 

00:20:50.495: %OSPF-5-ADJCHG: Process 1, Nbr 222.2 on FastEthcrnctO. from 
LOADING to FULL, Loading Done 

00:20:50.507: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.234.4 on Fast Ethernet 0,0 
from LOADING to FULL, Loading Done 
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Note the output of the following command reveals that even though R3*s 
interface came back up in UP/UP state, it is still in standby, because the 
Enhanced Object Tracking has NOT communicated the UP/UP state to its 
client process in this case HSRP. 

R3#Show standby brief' 



P indicates configured to preempt. 

Interface GrpPrioP State Active Standby 

FaO/1 1 99 PStandbv 10.1.100.4 local 



Virtual IP 
10 1. 100.100 



The following show command reveals the count down of the timer. 

R3*Sh track I 

Track I 
Interface FastEthcrnctO line- pro toco I 
Line protocol is Down, delayed Up ("4 sees remaining) 

4 changes, last change 00:02:49 
Delay up 120 sees, down 60 sees 
Tracked by: 

HSRP EthcrnctQT 1 

R3*Sh track I 

Track 1 
Interlace FastEthcrnctOO line-protocol 
Line protocol is Down, delayed Up (38 sees remaining) 

4 changes, last change 00:03:24 
Delay up 120 sees, down 60 sees 
Tracked by: 

HSRP EthcrnctO, 1 1 

R3*Sh track I 

Track I 
Interlace FastEthcrnctO line-protocol 
Line protocol is Down, delayed Up (7 sees remaining) 

4 changes, last change 00:03:56 
Delay up 1 20 sees, down 60 sees 
Tracked by: 

HSRP EthcrnctQT 1 

The Track timer expires: 

00:22:45: Track: I Up change delay expired 
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Interface FO.'O transitions from Down to L"P state: 

00:22:45: Track: I Change #5 interface FaO/O, line-protocol Down->L~p 
{K):22:45.343:%TRACK]XG-5-STATE: 1 interlace FaO/0 line-protocol Do wn->L'p 

HSRP detects the change and R3 transitions from Standby to Active state: 

00:22:45.435: %HSRP-5-STATECHANGE: FastEthcrnctO/l Grp 1 state Standby - 
> Active 

R3f*Sh standby brief 

P indicates configured to preempt. 

Interface Grp Prio P State Active Standby Virtual IP 

Fa0/1 1 110 P Active local 10. 1.1 (KM 10.1.100.100 



Task 4 

Re-configure the HSRP routers such that if Network !. 1. 1.0 . ''24 goes down. R4 becomes 
the active router. But if Network 1 .1 .1.0 .'24 is up. then. R3 should be the active router. 



The first step is to remove the track 1 configuration: 

On R3 

R3 (co nfig')#NO track 1 
R3(config)#NO track timer interface 2 

Second step is to configure a new tracking such that Network 1.1.1.0 .'24 is tracked 
in this case reachability is what is tracked: 

R3(config)#track 1 ip route 1.1.1.0/24 reachability 

Note the following reveals that R3 is the active muter: 

R3*sh stand brief 

P indicates configured to preempt. 

Interface Grp Prio P State Active Standby Virtual IP 

FaO'I 1 110 P Active local 10.1.100.4 10.1.100.100 
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To verify the configuration: 

On K3 

R3sSho\v track 

Track I 
IP route 1.1.1.0 255.255.255.ll reachability 

Reachability is Up (OSPF) 

1 change, last change 00:03: 16 
First-hop interface is FastEthernctO.'O 
Tracked by: 

HSRP FastEthcrnctO/1 1 

To test the configuration: 

Note the following summarizes the test procedure: 

■ Debug Track is enabled on R3 

• The network that is being tracked (1.1.1.0 .14) is Shutdown 

• The debug messages are observed & the change is verified in HSRP 

• Network l.l.l.U'24 is brought back up and once again the debug messages 
are observed and the change in HSRP is verified 

On R3 

R3g Debug Track 
On Kl 

Rli;config)#intk)0 
Rl (co n fig- ii> Shut 

On K3 

02:37:26: Track: 1 Changed! IP route 1.1.1.0 24, OSPF->no route, reachability Up- 
>Down 

02:37:26,251: %TRACKlXG-5-ST ATE: 1 ip route 1.1.1 .0/24 reachability L"p->Do\vn 

02:37:27.243: %HSRP-5-STATECHANGE: Fas tEt hern et0/l Grp 1 state Active -> 
Speak 
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02:37:37.243: VoHSRP-5-STATECHANGE: Fas tEt hern etft/t Crip 1 stale Speak -> 
Standby 

RJ#Show standby brief 

P indicates con figured to preempt. 

Interface Grp Prio P State Active Standby Virtual IP 

FaO'l 1 99 P Standby 10.1.1004 local 10.1.1 00.1 00 

On Kl 



Rl(config)#Dit bO 

Rlfconfig-ifJtfNoshut 

On K3 

02:47:1 1: Track: 1 Change #3 IP route 1.1.1.0 24, no route->OSPF, reachability 
Down->L~p 

02:47:1 1.259: %TRACKING-5-STATE: 1 ip route 1.1.1. ft/24 reachability Down->lp 

02:47:12.203: %HSRP-5-STATECHANGE: Fas tEt hern etftl Grp 1 state Standby -> 
Active 

R3#5how standby brief 

P indicates configured to preempt. 

Interface Grp Prio P State Active Siandb\ Virtual IP 

FaO'l 1 119 P Active local 10.1.100.4 10.1.100.100 



1 ask 5 

Configure R3 such that if host ILL LI .'24 is NOT reachable. R4 becomes the active 
r o ut cr . b li t i f ho st 1 1 . 1 . 1 . 1 .'24 i s rcac h ab le , R3 sho u Id r emai n as the ac t i vc and R4 s no u Id 
be the standby router. You should use IP SLA with 1CMP Echo messages to accomplish 
this task, the frequency of the messages should be 5 seconds with a timeout of 250 ms. 



IP SLA is configured to resolve this task, IP SLA can be configured check network 
availability: two aspects of an IP SLA operation can be tracked: State & Reachability. 
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Every IP SLA operation maintains an operation return code, For example: OK, Over 

the Threshold and etc. this return code is the return code is interpreted by the 
tracking process: 



Tracking 


Return Code 


Track State 


State 


OK 

All other return code 


UP 

Down 


Reach ah Hi ty 


OK or Over the 

Threshold 

All other return code 


LP 
Down 



R3(config)#ip si a monitor 2 

R3(config-sla-monitor)T*type echo protocol IpIcmpEcho 11.1.1.1 

R3i/config-sla-monitor-ccho)"timeout 250 

R3 (con fig-s la- mo n i to r-cc ho )** fr eq uen c y 5 

R3(config)#ip sla monitor schedule 2 start-time now life forever 

The following command tracks the state of an IP SLA object and enters the tracking 

configuration mode: 

R3 (con fig)#t rack 1 rtr 2 

To verily the configuration: 

On K3 

R3*Sh track I 



Track I 
Response Time Reporter 2 state 
State is Up 

2 changes, last change 00:(H):24 
Latest operation return code: OK 
Latest RTT (mil luces) 80 
Tracked by: 

HSRP FastEthcrnctuV 1 1 

To test the configuration: 



Note the following summarizes the test procedure: 
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• Debug Track is enabled on R3 

• The host thai is being trucked (1 1.1.1.0 /24) is Shutdown 

■ The debug messages are observed & the change is verified in HSRP 

• Host 11.1.1.0/24 is brought backup and once again the debug messages are 
observed and the change in HSRP is verified 

On \U 

R3*Dcbug track 

On Rl 

Rl(config)#int fol 
Rl (co n fig- ii> Shut 

On R3 

00:52:21: Track: I Change #3 rtrl, state I p->l)own 

00:52:21.719: %TRACK]NG-5-STATE: 1 rtr 2 state Up->Doun 

00:52:24.071: %HSRP-5-STATECHANGE: Fas tEt hern etO/1 Grp 1 state Active -> Speak 
R3#Sh&w standby brie 

P xid'-.JLLlL's jonl inured lo p rue ir.pl. 

Interlace Grp Prk) P State Active Standby Virtual IP 

FatO/l 1 99 P Standby 10. 1. 100.4 local ' 10.1.100.100 

On Rl 



Rl(config)#int lol 
R 1 (co n fig- if)#no s hu t 

On R3 

00:56:31: Track: 1 Change #4 rtr 2, state Donn->L'p 

00:56:31.723: %TRACKlNG-5-STATE: 1 rtrl state Donn->Up 

00:56:33. 167: %HSRP-5-STATECHANGE: Fas tEt hern etO 1 Grp 1 state Standby -> 

Active 

R3f*Show standby brie 
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P indicates configured to preempt. 

Interface Grp Prio P State Active Standby Virtual IP 

Fat* I 1 110 P Active local 10.1.10*0.4 10.1.100.100 



Task 6 

Erase the startup configuration of the routers and reload them before proceeding to the 
next task. 



CCIE R& S by Narbik KoiharbliiS Advanced CCIE R&S Work Bduk In Page 1032afl06S 

C 2009 Narbik. Knclinrinni. All rig his raerved 



Advanced 
CCIE Routing & Switching 



2.0 



uuu.MicronicsTrainine.com 



Narbik Kochaiians 

CCIE #12410 
R&S, Security, SP 



GRE 

T mi 11 el 



CCIE R& * bv Narbik Ku^hartflnS Advanced CCIE R&S Work Buuk 2.0 Page 1033 of 1068 

C 2009 Narbik Kucha run l All rijlilj reserved 



131.1.1.0/24 



1322i0/24 



Lab Sftuu: 

> Configure Rl and R2 in a frame-relay point-to-point manner. 

> Configure R l ' s F0/0 interlace in V L AN" 1 0. 

> Configure R2's FQ interlace in VLAX 20 

> Configure the routers with the IP addressing identified in the above diagram 

> R l should use DLCl 1 02 to connect to R2 and R2 should use DLCl 20 1 to 

connect to Rl. 

Task l 



Configure OSPF between networks 131 .1. 1 .0 .24 and 1 32.2.2.0 ;24 to provide 
reachability. You must use a ORE Tunnel and an IP addressing space of your choke to 
accomplish this task. 



On Rl 

R 1 (co n fig)# in t tu n ncl 12 

Rl (config-if)f*ip address 200. 1 . 1 2. 1 255.255.255.0 

Rl fconfig-il>tunncl so urcc SO/0. 12 

R I (co n fig- it>tu raid Destination 131.1.12.2 
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On k2 

R2(eonfig)#int tunnel 21 

R2(config-ii>*ip address 200.1. 12.2 255.255.255.0 
R 2 1 ; c o n fig- if)#tu nnc I Source SO/0 2 1 
R2(config-if)#tunncl Destination 131.1.12.1 

10 test the configuration: 

On R2 

R2#Ping 200. 1.12.1 

Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echos to 200. 1. 12. 1, timeout is 2 seconds: 

(MM 

Success rate is 100 percent (5/5), round-trip min/avg'max = 72/72/72 ms 
To configuring OSPr benvcen the networks: 

On R2 

R2 (co n fig )r#ro u tcr o sp f 1 
R2 (c o n fig-rfl u ler)#netw 

R2(config-roLiter)#nctwork 200.1.122 0.0.0.0 arcaO 
R2(config-roLUcr)#nct\vork 132.2.2.2 0.0.0.0 arcaO 

On kl 

R 1 (co n fig- if )#ro Liter o sp f 1 

Rl (config.roLitcr)#nctwork 200. 1 . 12. 1 ft 0.0.0 area 

Rlfconfig-roLitcr^nctwork 131.1.1.1 0.0.0.0 area 

To test the configuration: 

On kl 

Rl#Show ip route 

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP 

D - E1GRP, EX -E1GRP external, O - OSPF, 1A - OSPF inter area 
HI - OSPF NSSA external type 1 , N2 - OSPF N'SSA external type 2 
El - OSPF external type 1. E2 - OSPF external type 2 
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i - IS-IS, su - ES-IS summary, LI - IS-IS lcvcl-l s L2 - IS- IS fcvcl-2 

ia - IS-IS inter area, * - candidate default, L" - pcr-uscr static route 
o - ODR, P - periodic downloaded static route 

Gateway of last resort is not set 

C 200. 1. 12.0/24 is directly connected. Tunnel 12 

131.1.0.0/24 is sub net ted. 2 subnets 
C 1 3 1. 1 .1 .0 is directly connected, FastEthcrnctO-'O 
C 131.1.12.0 is directly connected, Serial 0/0. 12 

132.2.0.0/24 is subnetted, I subnets 
132.2.2.(1 [110/11112] via 200.1.12.2, 00:01:01, Tunnell2 

Rl*Ping 132.2.2.2 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 132.2.2.2, timeout is 2 seconds: 



Success rate is 100 percent (5/5), round-trip min/avg'max = 72 72 72 ms 

Rl#Show ip ospf neighbor 

Neighbor ID Pri State Dead Time Address Interface 

200.1.12.2 FULL'' - 00300:39 200.1.12.2 Tunncll2 

Rl#show ip o spf int tunnel 12 

Tunncll2 is up, line protocol is up 
Internet Address 200. 1 . 12. 1/24, Area 

Process ID 1, Router ID 200.1.12.1, Network TypcP01NT_TO_POINT, Cost: 1 1 I I I 
Transmit Delay is 1 sec, State P01NT_TO_PO]N.T, 
Timer interval scon figured. Hello 10, Dead 40, Wait 40, Retransmit 5 

Note, there are no muting protocols running between RTs SO/0/0.12 interface and 
R2's S0'0/0.21 interface, if OSPF is configured to advertise 131.1.12.0/24 network, 
then 131.1.1.0 and 132.2.2.0 networks will he reachahle via the serial sub-interface 
instead of the tunnel interface. If OSPF is running on network 131.1.12.0 '24, one 
way to force the traffic to go through the tunnel interface instead of the serial sub- 
interface is to assign a higher OSPF cost to the serial sub-interface or assign a lowei 
OSPF cost to the tunnel interface, but this has to be configured on both routers, as 
folio \>s: 

On R2 
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R2(config')#routcrospf 1 
R2iconfig-routcr)#nctwork 131.1.122 0.0.0.0 area 

R2#Show ip oggfjnj tunnel 12 

TunncLZl is up, line protocol is up 
Internet Address 200.1 .12. 1,24 , ArcaO 

Process ID I , Router ID 200. 1.12.1, Network Type POl NT_TO_PQl NT, Cost: 11111 
Transmit Delay is 1 sec, State POINT_TO_PO]NT, 
Timer interval scon figured. Hello 10, Dead 40, Wait 40, Retransmit 5 

R2?*ShowipospfintSQ/Q.21 

ScrialO/021 is up, line protocol is up 
1 ntcrnct Add rcss 1 .3 1 . 1 . 1 2. 2 24, Area 

Process ID 1, Router ID 200.1.122, Network Type POINT TO POINT, Cost: 64 
Transmit Delay is 1 sec, State P01NT_TO_PC)lNT, 
Timer intervals configured. Hello 10, Dead 40, Wait 40, Retransmit 5 

R2(config)#int tunnel 2 1 
R2(config-if)#ip ospi'eost 63 

On Kl 



R 1 (co n fig)#ro u tcr o sp f 1 
Rli;config-roLitcr)#nctwork 131.1.12.1 0.0.0.0 area 

RlgShow ip ospl'int tunnel 12 

Tunnel 12 is up, line protocol is up 
1 ntcrnct Address 200.1.12. 1. 24, Area 

Process ID I, Router ID 200.1.12.1, Network Type POINT TO POINT. Cost: lllll 
Transmit Delay is 1 sec, State P01NT_TO_P01NT, 
Timer intervals configured. Hello 10, Dead 40, Wait 40, Retransmit 5 

Rl#ShowipospfintS0 0.12 

ScrialO/0.12 is up, line protocol is up 
1 ntcrnct Add rcss 1 3 1 . 1 . 12. 1/24, Area 
Process ID 1, Router ID 200.1.12.1, Network Type POINT TO POINT, Cost: 64 

Transmit Delay is 1 sec, State PO]NT_TO_P01NT, 

Timer interval scon figured. Hello 10, Dead 40, Wait 40, Retransmit 5 
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R I (co n fig)# in t tu n ncl 12 

Rl iconfig-if)#ip ospl'cost 63 

Rl#Sh0w ip route 

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP 

D - E1GRP, EX - E 1GRP external - OSPF, LA - OSPF inter area 
XI - OSPF XSSA external type I , N 2 - OSPF XSSA external type 2 
El - OSPF externa! type I, E2 - OSPF external type 2 
i - IS-1S, su - 1S-1S summary, LI - 1S-IS level- 1, L2 - 1S-IS lcvcl-2 
ia - 1S-1S inter area, * - candidate default, L" - pcr-uscr static route 
o - ODR, P - periodic downloaded static route 

Gateway of last resort is not set 

C 200. 1. 12.0/24 is directly connected, Tunnel 12 

131. 1.0.0/24 is subnetted 2 subnets 
C 1 3 1. 1 .1 .0 is directly connected, FastEthcrnetO. 
C 1 3 1. 1.120 is directly connect cd, ScrialO/0. 1 2 

132.2.0.0/24 is subnetted, I subnets 
() 132.2.2.0 ]1 10-641 \ hi 200.1.12.2. 00:00:13. TuniiL-112 



Task 2 

Re-configure the routers and use the IP addressing specified as per the following 
diagram. Ensure that failure of any of the links will not bring down the tunnel. Use the 
following policy to accomplish this task: 

> L'se the same IP address space for the tunnel that you used in the previous task 

> Run a routing protocol of your choice to accomplish this task 

> Rl and R2 ! s F0/1 interlace must be configured in VLAX 12. 

> RTs F0/0 interlace should be configured in VLAX 1 I and R2 5 s FO/0 interlace 
should be configured in VLAX 22 

> Create Loopback interfaces on the routers, Rl' s LoO sho uld be 1.1.1.1 -8 and 
R2 : s LoO should be configured to be 2.2.2.2 /8 

> Run OSPF between the 131.1.1. .'24 and 132.2.2.0 ;24 networks and ensure that 
this traffic between these networks uses the tunnel interface. 
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192.1.12.0/24 




1 31.1.1 JO/24 



1 32.2.2.0 724 



In this task you are asked to run a routing protocol of your choice, in order to 
provide reachability, this configuration will demo and configure RIPv2, Eigrp and 
then OSPF, the first option is to run R!P\2: 



On Rl 



Rl (config)#rauter rip 

Rl('config-roLitcr)"na au 

R I (coni1g-routcr)#vcr 2 

Rl (config-routcr^nctwork 13 1 .1 .0.0 

Rl [ccmfig-roLitcr)#nctwurk 192.1 . 12.Q 

R I (co n fig-ro li t cr)#p ass ivc- i nt crfac e FO 

R I (config-roLitcr)*nct\vork 1 . 0.0.0 

On R2 

R2(config)#rt:i Liter rip 
R2(config-roLUcr)r*na au 
Et2{config-rQMter)#ver 2 

R2(config-roLitcr)#nct\vork 192.1. 12.0 
R2(eonfjg-routcr)#nct\vork 13 1 .1 .0.0 
R2 (co n fig-ro a t cr)#nct \vo r k 2. 0.0. 

On Rl 



Rl#Show ip route 

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP 

D - E1GRP, EX - E 1GRP external, - OSPF, 1 A - OSPF inter area 
XI - OSPF NSSA external type L N2 - OSPF NSSA external type 2 
El - OSPF external type 1, E2 - OSPF external type 2 
i - 1S-1S, Su - 1S-1S summary. LI - 1S-1S level- 1 ,L2 - 1S-IS lcvcl-2 
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ia - IS-1S inter area, * - candidate default, L" - pcr-user static route 
o - ODR. P - periodic downloaded static route 

Gateway of last resort is not set 

C 192.1. 1 2. 0/24 is directly con ncctcd, FastEt hcrnctO/ 1 
C 1.0. 0.0/8 is directly connected. LoopbackO 
R 2.0.0. 0/8 [ 120/1 J via 1 92.1 . 12.2, 00:00:05, FastEthcrnetO/ 1 
[120/1 J via 131. 1.122, 00:00:02, ScrialO/0.12 
131.1.0.0/24 is subnetted, 2 subnets 
C 1 3 1. 1 .1 .0 is directly connected, FastEthcrnetO. 
C 131. 1.12.0 is directly connected, ScrialO'0. 12 

On R2 

R2#5hOjW ip route 

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP 

D - E1GRP, EX - E 1GRP external, O - OSPF, 1 A - OSPF inter area 
XI - OSPF XSSA external type I , N2 - OSPF XSSA external type : 
El - OSPF external type 1, E2 - OSPF external type 2 
i - 1S-1S, su - 1S-1S summary, LI - 1S-1S level- 1, L2 - IS-1S lcvcl-2 
ia - 1S-1S inter area, * - candidate default, L" - pcr-user static route 
o - ODR, P - periodic downloaded static route 

Gateway of last resort is not set 

C 192. 1. 12.0/24 is directly connected, FastEthcrnetO' 1 

R 1.0.0.G.''8 [120/1 J via 1 9*2.1 . 12. 1, 00:00:1 1, FastEthcrnetO- 1 

[ 120/1 ] via 13 1. 1.1 2 J, 00:00:08, Scria 10/0.2 1 
C 2.0.0. 0/8 i s d i rec t ly co n nee ted , Loo p b ac kO 

131.1.0.0/24 is subletted, 2 subnets 
C 131.1.12.0 is directly connected, ScrialO/0.21 

132.2.0.0/24 is subnetted, I subnets 
C 132.22.0 is directly connected, FastEthcrnetO 

Next step is to create the tunnel interface: 

On Rl 

R 1 (co n fig)# in t tu n ncl 12 

Rl(con%-it>#ip address 200.1 . 12. 1 255.255.255.0 

Rl (config-if)#tunnel so urce loO 

R I ( c o n tig- if )#tu nnc 1 des tinatio n 2 . 2 .2 .2 
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R I f co n fig')#ro u tcr o sp f 1 

Rl (config-routcDftoctwork 200. 1.12.1 0. 0.0.0 area (.1 

Rl(eonfig-routcr)fi ! nctwork 131.1.1.1 0.0.0.0 area 

On R2 

R2i;eonfig)#int tunnel 21 

R2(config-if)#ip address 200.1 . 12.2 255.255.255.0 
R2(config-if)#tunncl so urce loO 
R2(config-if)#tunncl destination 1.1.1.1 

R2(config)#routerospf 1 

R2i;config-router)#nctwork 200.1.12.2 0.0.0.0 arcaO 
R2(config-routcr)#nctwork 1322.2.2 0.0.0.0 area 

On m 



R l-Show ip route 

Codes: C - connected, S - static, R- RIP, M - mobile, B - BGP 

D - E1GRP, EX - E1GRP external, O - OSPF, LA - OSPF inter area 
XI - OSPF XSSA external type 1 , N2 - OSPF XSSA external type 2 
El - OSPF external type 1, E2 - OSPF external type 2 
i - 1S-1S, su - 1S-1S summary, LI - 1S-1S lcvcl-l ; 'L2 - IS- IS lcvcl-2 
ia - 1S-1S inter area, * - candidate default, U - per-uscr statie route 
o - DDR,, P - periodic downloaded statie route 

Gateway of last resort is not set 

C 192, 1. 12.0 24 is directly connected, FastEt hcmctQ' 1 

C 1 . . . 0/8 i s d i rec t ly co n ncc ted , Loo pb ac kO 

R 2.0.0.0/8 [120/1 J via 192.1.12.2, 00:00:1 1, FastEthcmctO- 1 

[ 120/1 J via 13 1. 1.122, 00:00:1 l,Scria 10.0.12 
C 200. 1 . 1 2.024 is directly connected, Tunnel 1 2 

131.1.0.0/24 is sLibncttci 2 subnets 
C 1 3 1 . 1 . 1 .0 i s d ircetly co n n cc t cd , FastE th crnctQ-' 
C 131.1. 1 2.0 is directly connected, ScrialQ'0. 12 

1322.0.0/24 is subnetted, I subnets 
() 132.2.2.0 [110/111121 via 200.1.12.2, 0(1:07: 18, Tunnel 12 

On R2 
R2#Show ip route 



CC1E R& S b\ Narbik KuihartflnS Advanced CCIE R&S \\ urk Buuk 2.0 Page 1041 of 1068 

C 2009 Narbik Kucha riant. All rig lib reserved 



Codes: C - connected, S - static, R - RIP, \i - mobile, B - BGP 

D - E1GRP, EX - E 1GRP external, O - OSPF, LA - OSPF inter area 
XI - OSPF NSSA external type 1 , N2 - OSPF NSSA external type : 
El - OSPF external type 1, E2 - OSPF external type 2 
i - IS-1S, su - 1S-1S summary, LI - 1S-IS level- 1,*L2 - IS- IS lcvcl-2 
ia - IS- IS inter area, * - candidate default, L* - per- user static route 
o - ODR, P - periodic downloaded static route 

Gateway of last resort is not set 

C 192. 1. 12.0/24 is directly connected, FastEt hcmctO' 1 

R 1 .0.0 .0/8 [ 120/1 J via 1 92. 1.12.1, 00:00: 14, FastEthcrnctO- 1 

[120/1 J via 131.1.12.1,00:00:15, ScrialO/0.21 
C 2.0.0.0/8 is directly connected, LoopbackO 
C 200. 1. 12.0/24 is directly connected, Tunncl21 

131.1.0.0/24 is sub net ted, 2 subnets 
O 131.1.1.0 1110/1 1 1 121 via 200.1.12.1, 00:08:4)8, Tunnel2l 
C 1 3 1.1. 1 2.0 is d i reel ly co n nc ct cd , Serial 0/ . 2 1 

132.2.0.0/24 is subnetted, I subnets 
C 1 32.22.0 is d ircctly connected, FastEthcrnctO/0 

It 1 stint! Eitii'p: 

On Rl 

Rl (config)#routercigrp 100 

R 1 (co n fig-ro Liter ) "no an 

R 1 (co n fig-ro u t er)# nctwo rk 1.0. . 

Rl(config-routcr)#nct\vurk 131.1.12.0 0.0.0.255 

R I (config-roiitcr)#nctwork 192.1 . 12.0 

R 1 (co n fig-ro u t cr )#cx i t 

Rl (config)#no router rip 

On R2 

R2(config)#rautcrcigrp 100 
R2(config-roLitcr)r#no au 

R2 (con fig-ro u ter)#nctwo r k 2. 0.0. 
R2 (eon fig-ro Litcr)#nctwork 192.1. 12.0 
R2(config-roLitcr)#nctwork 131.1.12.0 0.0.0.255 

On Rl 
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Rl#Show ip route 

Codes: C - connected, S - static, R- RIP, M - mobile, B - BGP 

D - E1GRP, EX - EIGRP external, - OSPF, I A - OSPF inter area 
XI - OSPF XSSA external type 1 , X2 - OSPF XSSA external type 2 
El - OSPF external type 1 , E2 - OSPF external type 2 
i - IS-1S, su - 1S-1S summary, LI - 1S-IS level- 1 , L2 - IS-IS lcvcl-2 
ia - 1S-1S inter area, * - candidate default, L" - pcr-uscr static route 
o - ODR, P - periodic downloaded static route 

Gateway of last resort is not set 

C 192.1. 12.0 24 is directly connected, FastEt hcrnctuV 1 

C 1.0.0. 0/8 i s d i rec t ly co n n cc ted , Loo p b ac kO 

D 2.0.0.0/8 [90/1 56 1*60 J via 1 92.1 . 12.2, 00:0 1 :00, FastEthcrnctO/1 

C 200. 1 . 1 2.0/24 is directly con ncctcd, Tunnel 12 

131.1.0.0 24 is subnetted, 2 subnets 
C 1 3 1. 1 .1 .0 is directly connected, FastEthcrnctO/0 
C 1 3 1 . 1 . 1 2.0 is directly connect cd, ScrialO/0. 12 

132.2.0.0/24 is subnetted, I subnets 
() 132.2.2.0 |11 11/ 1 11 121 via 200.1.12.2, 00: <I0: 49, Tunnel 12 

To lest OSPF: 
On Kl 



Rl(config)#routcrospl' I 

R 1 i;conf1g-routcr)#nctwork 1 3 1 . 1 . 12. 1 0. 0.0.0 area 

Rli;config-routcr)#nct\vurk 192.1.12.1 0.0.0.0 area 

Rl (config-roLitcritfnctwork 1.1.1.1 0.0.0.0 area 

Rl(config)# NO router cigrp 100 

On R2 

R2(config)#routcrospf' I 

R2i;config-routcr)#nctwork 2.222 0.0.0.0 area 
R2fc;onfig-roLUcr)^nctwork 131.1.122 0.0.0.0 arcaO 
R2i;config-roLiter)#nctwork 192.1.122 0.0.0.0 arcaO 

R2i'conf]g-routcr)r^NO router cigrp 100 
On kl 
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Rl#Show ip route 

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP 

D - E1GRP, EX - E 1GRP external, - OSPF, 1A - OSPF inter area 
XI - OSPF NSSA external type 1 , N2 - OSPF NSSA external type 2 
El - OSPF external type I , E2 - OSPF external type 2 
i - 1S-1S, Su - 1S-1S summary, LI - 1S-IS level- 1, L2 - IS- IS lcvcl-2 
ia - IS- IS inter area, * - candidate default, L" - pcr-uscr static route 
o - ODR, P - periodic downloaded statie route 

Gateway of last resort is not set 

C 192.1. 12.0/24 is directly connected, FastEt hcmctuV 1 
C 1.0.0. 0/8 i s d i rcc t ry co n ncc ted , Lo o p b ac k() 

2.0.0.0/32 is subnetted, 1 subnets 
O 2.222 [110/2] via 19-2.1.12.2,00:18:33, FastEthcrnctOT 
C 200. 1 . 1 2.G'24 is directly con ncctcd, Tunnel 12 

131.1.0.0/24 is sub net ted, 2 subnets 
C 131.1.1.0 is directly connected, FastEthcrnctO 
C 131.1.12.0 is directly connected, ScrialO.0.12 

132.2.0.0/24 is subnetted, I subnets 
132.2.2.(1 111(1/21 via 192.1.12.2, (10:18:34, FastEthernetO/1 

Note 132.2.2.0/24 network is mm reachable via F0/1, but the policy of this task 
stales that this network should be reachable % ia the Tumi el interface. One waj to 
resolve this problem is to use PBR, as full on s: 

On kl 



Rl{COnfig)#aceess-list 100 permit ip 131.1.1.0 0.0.0.255 132.2.2.0 0.(1.0.255 

Rl (con fig)#ro utc- map TEST permit 10 
Rllconfig-routc-rnap)T*match ip addr 100 
R 1 (co n fig -route- map )# set interface tunnel 12 

Rl (con fig )#ro Lite- map TEST permit 20 
Rl fconfig)#ip local policy route-map TEST 

Rli;eonfig)#inti0/0 

Rl (config-if)#ip policy route-map TEST 

To ti'st thi 1 configuration: 
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On Kl 

Rl#Traccroutc 

Protocol [ipj: 

Target IP address: 132.2.2.2 

Source address: 131.1.1.1 

Numeric display [nj: 

Timeout in seconds [3^: 

Probe count [3J: 

Minimum Time to Live [1]: 

Maximum Time to Live [30 J: 

Port Number [33434 J: 

Loose. Strict. Record. Timcstamp, Vcrbosc[nonc\: 

Type escape sequence to abort. 

Tracing the route to 1 32.2.2.2 

__ Note the traffic traverses through the 
1 200.1.12.2 msec * msec'* -- ' tunnel interface 

The same configuration must be performed on 142, 



Task 3 

Erase the startup config and reload the routers before proceeding to the next lab. 
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1D.1.1.D.'24 



102.2.0. '24 




Lal> Si-tuu: 

> Configure the frame- relay connection between Rl, R2 and R2 and R3 in a point- 
to-point manner. 

> Configure R l ' s F0/0 interface in V L AN 1 0. 

> Configure R2's FG'O intcrtacc in VLAN 20. 

> C o n fig u r c R 3 ' s F0/0 in tcr iac c in V L AX 30 

> Configure the routers with the IP addressing identified in the above diagram 
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Task 1 

Configure OSPF between the Private networks ( 1 0. 1 .1 .0, 10.22.0 and 1 0.3.3.0 .'24) and 
ensure that these networks have reachability to each other. You must configure ORE 
Tunnel interface's to accomplish this task. DO NOT run a routing protocol, Static routes 
or PBR tor the links connecting Rl to R2 and R2 to R3. 



On kl 

R 1 (eo n fig)# in t tun ncl 12 

R 1 (co n fig- if )#i p addr 200 . 1 . 1 2 . 1 25 5 . 2 5 5. 25 5 . 

Rl (config-ii>tunncl so urce SO 0.12 

Rl (config-if)#tunncl destination 1 3 1 . 1 . 12.2 

On R2 

R2(eonfig)#int tunnel 21 

R2(C0iifig-if)#ip addr 200.1.122 255.255.255.0 
R2(config-if)#tunncl so urce SO/0.21 
R2(config-if)#tunncl destination 131.1. 12. 1 

R2(config)^int tunnel 23 

R2(eonfig-it>#ip address 200.1. 23.2 255.255.255.0 
R2ieonfig-if)#tunncl so urce SO/0.23 
R2(config-iiy tunnel destination 1 3 1 . 1 .23. 3 

On \U 

R3(eonfig)#int tunnel 32 

R3(config-if)#ip address 200.1.23.3 255.255.255.0 
R3(config-if)frtunncl so urce SO/0.32 
R3(config-if)#tunncl destination 131. 1 .23.2 



To test the configuration: 



On K3 



R3*Ping 200. 1.23.2 



Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echos to 200.1.23.2, timeout is 2 seconds: 



Success rate is 100 percent (5/5), round-trip min/avg'max = 72. 72 "2 ms 



CCIE R& S by Narbik KtHrhariiinS Advanced CCIE R&S \\ urk Buuk 2.0 Page 104?oflQ68 

C 2049 Narbik Kucha riant. All rights reierved 



On R2 

R2*Ping 200.1.12.1 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echo 5 to 200. 1. 12. 1, timeout is 2 seconds: 



Success rate is 100 percent (5/5), round-trip min/avg'max = 72/72/72 ms 

R2#Pjng 200.1.23.3 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echosto 200.1.23.3, timeout is2 seconds: 

!!!!! 

Success rate is 100 percent (5/5), round-trip min/avg'max = 72/72/76 ms 

On Kl 

Rl^Ping 200. 1.12.2 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 200. 1. 12.2, timeout is 2 seconds: 



Success rate is 100 percent (5/5), round-trip min/avg'max = 72/72 72 ms 

I "1:1 cinilliziirc OSPF nmlmi: nrutucol i:ui the prnatc nulvnjrks: 
On Rl 

R 1 (co n figure u tcr o sp f 1 

R 1 (config-roLitcr)#nct\vork 200.1 . 12. 1 0. .0.0 area 

Rl(config-roLUcr)#nctwork 10. 1. 1. ! 0.0. 0.€ area 

On R2 

R2(config)rrrautcrospf 1 

R2(config.roLitcr)#nctwork 200.1.12.2 0.0.0.0 arcaO 
R2i;config-roLitcr')#nctwork 200.1.23.2 0.0.0.0 area 
R2(config-routcr)r*nct\vork 10.2.2.2 0.0.0.0 area 

On R3 

R 3 (co n fig )#ro u tcr o sp f 1 

R3(cQnfigHroutcr)f*nctwork 200.1.23.3 0.0. 0.0 arcaCi 
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R3(config-routcr)#nctwork 10.3.13 0.0.0.0 area 



'I'm test the configuration: 



On Kl 
Rl#Show ip route 

Codes: C - connected, S - statie, R- RIP S M - mobile, B - BGP 

D - E1GRP, EX - E1GRP external, O - OSPF, I A - OSPF inter area 
XI - OSPF XSSA external type 1, N2 - OSPF XSSA external type 2 
El - OSPF external type 1, E2 - OSPF external type 2 
i - 1S-1S, su - 1S-1S summary, LI - 1S-1S level- 1,L2 - IS- IS level-2 
ia - IS-1S inter area, * - candidate default, L' - pcr-uscr static route 
o - ODR, P - periodic downloaded static route 

Gateway of last resort is not set 

O 200.1.23.0/24 [110.22222] via 200.1. 12.2, 00:00:28, Tunnel 1 2 
C 200. 1 . 12.0-24 is directly con nectcd, Tunnel 12 

10.0.Q.O'24 is subletted, 3 subnets 
10.3.3.0 [110/22223 J via 2 00.1. 12.2,00:00:28, Tunnel 12 
O 10.22.0 [110/1 1 1 12] via 200.1. 12.2,00:00:28, Tunnel 12 
C 1 0. 1 . 1 .0 is directly connected, FastEthcrnctO/0 

131.1.0.0/24 is subnetted, 1 subnets 
C 1 3 1. 1 .12.0 is directly connected, ScrialO/0. 12 

Rl^Ping 10.2.2.2 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 10.2.2.2, timeout is 2 seconds: 



Success rate is 1(10 percent (5/5), round- trip rnin/avg'max = 72/72/72 ms 

RJlPJUg 10.3.3.3 

Type escape sequence to abort. 

Sending 5, 100-bytc ICMP Echos to 10.3.3.3, timeout is 2 seconds: 



Success rate is 100 percent (5/5), round- trip min/avg'max = 14G 140 140 ms 
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Task 2 

Remove the configuration from the previous task and re- con figure the routers based on 
the Lab setup guide in the beginning of this lab. 






On m 

Rl(config)#NO router ospf 1 
R]i;config)#NO interface Tunnel 12 

On R2 

R2(config)f*NO router ospf 1 
R2(config)#NO interface Tunnel 21 
R2i;config)#\0 interlace Tunnel 23 

On R3 

R3(config)#\0 router ospf 1 
R3(config)#NO interlace Tunnel 32 






Task 3 

Create the following Loopback interfaces and establish the tunnel based on these 
interfaces,, run a routing protocol of your choice and DC) NOT configure static mutes to 
accomplish this task. 
Rl 's LoO =1.1.1.1 8, R2's LoO = 7.2.2.2 /8 and R3's LoO = 3.3.3.3 /S 






On Rl 

Rl{ccmfig)#int bO 

Rl(config-if)f*ip addr 1. I.I. 1 255.0.0.0 

R 1 (co n fig)#rra u tcr rip 

Rl (config-routcr)r^no au 

Rl fconfig-routcr)#ver 2 

R 1 (config-routcr)#nctwork 131.1. 0. 

Rl (config-routcr)^nctwork 1.0.0.0 

On R2 




cc 
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R2(config)#int loO 

R2iconfig-if)#ip address 2.2.22 255.0.0.0 

R2 (eon fig- if)#ra Liter rip 
R2(eonfig-routcr)#no aii 
R2(config-roLitcr)#\ cr 2 
R2(config-roLitcr)#nct\vork 131.1. 0. 
R2(config-roLitcr)#nctwork 2. 0.0.0 

On K3 

R3(config)#int k)0 

R3(eonfig-if)#ip address 3.3.3.3 255.0.0.0 

R3 (con fig- if )#ro Liter rip 
R3(config-roLitcr)#no au 
R3(config-roLitcr)#vcr 2 
R3 (co n fig-ro li t cr)^ nctwo r k 131.1. 0. 
R3(eonfig-roLitcr)#nctw 3.0. 0.0 

1 o test the configuration: 

On K3 

R 3?* Show ip route 

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP 

D - E1GRP, EX -E1GRP external, - OSPF, IA - OSPF inter area 
XI - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 
El - OSPF external type 1, E2 - OSPF external type 2 
i - 1S-1S. sli - 1S-1S summary. LI - 1S-1S tevel-LL2 - 1S-1S lcvcl-2 

■ * • 

ia - 1S-IS inter area, * - candidate default, L* - pcr-uscr statie route 
o - ODR, P -periodic downloaded static route 

Gateway of last resort is not set 

R 1. 0.0.0 8 [120/2] via 131.1232, 00:00:01, SeriaK)/032 
R 2.0.0. 08 [120 1] via 131.1.23.2,00:00:01, SeriaHl/032 
C 3.0.0. 8 is directly connected, LoopbackO 

1 0.0.0.0/24 is subnet ted, 1 subnets 
C 1 0. 3.3.0 is directly connected, FastEthcrnctO/0 

131.1.0.0/24 is sub net ted, 2 subnets 
R 131.1.12.0 [120/1] via 131.1.23.2,00:00:01, Serial 0.32 
C 131.1 .23. is directly connect cd. ScrialQ'0.32 
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To contijjurs.' tlu 1 Tunnel: 










On Rl 












R 1 (co n fig)fr in t tu n ncl 12 

Rl (config-il>ip address 200.1 . 12. 1 255.255255.0 

Rl (config-if)#tunncl so urcc L oO 

Rl I con fig- if)#tunncl destination * > .' 7 .* J .2 












On R2 












R2i;config)rrint tunnel 2 1 

R2lconfig-if)#ip address 200.1. 12.2 255.255.255.0 
R2(config-if)#tunncl so urcc LoO 
R2(eonfig-ii>*tunncl destination 1 . 1 . 1 . 1 












R2(config)#int tunnel 23 

R2(config-it>ip address 200.1.23,2 255.255.255.0 

R2(config-if)#tunncl so urcc k)0 

R2 (con fig- if)#tunncl destination 3.3.3.3 












On R3 












R3(config)#int tunnel 32 

R3iconfig-ii>ip address 200.1. ?3.3 255*255 ,255 jQ 

R3(config-if)#tunnclsourcc k)0 

R3 icon fig- if)#tunncl destination 2.2 ? 2 












"I'o test the configuration: 












On Rl 












Rl#Ping 200.1.12.2 












Type escape sequence to abort. 

Sending 5, 100-bytc 1CMP Echosto 200. 1. 12. 2 r timeout is 2 seconds: 













Success rate is 100 percent (5/5), round- trip min/avg'max= 72/72/72 ms 












On R2 












R2#Ping 200.1.12.1 
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Type escape sequence to abort. 

Scr.,;:!".Li f . luu-bvtc I CMP Echos to 2UU. 1. 1 2. 1, timeout is 2 sccor.cs: 

Mill 

Success rate is 100 percent (5/5), round-trip min/avg/max =72/72/72 ms 

R2-P:ng 200. 1.23.3 

Type escape sequence to aboil. 

Sending 5, lOO-byte 1CMP Echos to 200. 1.23.3, timeout is 2 seconds: 



Success rate is 100 percent (5' 5), round-trip nr.n.avg. max =72/72/72 ms 
On R3 

R3-P:ng200.l.23.2 

Type Escape sequence to abort. 

Sending 5. lUU-byte 1CMP Echos to 200. 1.23.2, timeout is 2 seconds: 



Success rate is 100 percent (5/ 5). round -trip min/avg. max =" ! '2 "2-'"2 ms 
To configure OSPF on the routers: 

On Rl 

R I (config)rTouter ospf i 

R I ( 'config-rauter)*network JO. J _ J.J 0.0.0.0 area 

RI (config-router)#network 200. 1 . 1 2. 1 0.0.0.0 area 

On R2 

R2(conFtg)*touter ospf I 

R2(config-router)#network 10.2.2.2 0.0.0.0 area 
R2(config-router)#network 200. 1 . 1 2.2 0.0.0.0 area 
R2(config-router)£network 200. J .23.2 0.0.0.0 area 

On \U 

R3i conf.g)~r outer ospf I 

R3(config-router)*network 10.3.3.3 0.0.0.0 area 
R3(config.router>#network 200. 1 .23. 3 0.0.0.0 area 
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To test the configuration: 

On Rl 
Rl#Show ip route 

Codes: C - connected, S - static, R - RIP. M - mobile, B - BGP 

D - E1GRP, EX -E1GRP externa], - OSPF, 1A - OSPF inter area 
M - OSPF NSSA external type 1 , N2 - OSPF NSSA external type 2 
El - OSPF external type 1, E2 - OSPF external type 2 
i - 1S-1S, su - 1S-1S summary, LI - 1S-IS lcvcl-l,*L2 - IS- IS lcvcl-2 
ia - IS- IS inter area, * - candidate default, U - per-user static route 
•o - ODR, P - periodic downloaded statie route 

Gateway of last resort is not set 

C 1 .0 .0 . 0/8 i s d i rcc t ly co n n cc ted , Loo p b ac kO 

R 2.0.0.0/8 [120/1 J via 131.1.12.2,00:00:17, ScrialO/0.12 

() 200. 1.23.0/24 J110/222221 via 200.1.12.2, 00:04:38, Tunnel 12 

R 3.0.0.0/8 [120/2] via 131.1.12.2, 00:00:17, ScrialO/0.12 

C 200. 1 . 12.0 24 is directly connected, Tunnel 1 2 

10.0.0.0 24 is subnet ted, 3 subnets 
O 10.3.3.(1 1110/222231 via 200.1.12.2, 00:04:38, Tunnel 12 
O 10.2.2.0 1 110/1 1 1 121 via 200.1 .12.2, 00:04:38, Tunnel 12 
C 10. 1.1.0 is directly connected, FastEthcrnctO/0 

131.1.0.0/24 is subnetted, 2 subnets 
C 131.1.1 2.0 is directly connected, SerialO'0. 12 
R 131.1 .23.0 [ 120/1. J via 131.1.12.2, 00:00: 1 8, SerialCNM2 

On R2 

R2#Show ip route 

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP 

D - E1GRP, EX - E1GRP external, O - OSPF, LA - OSPF inter area 
Nl - OSPF NSSA external type I , N2 - OSPF NSSA external type 2 
El - OSPF external type 1, E2 - OSPF external type 2 
i - 1S-1S, su - 1S-1S summary, LI - 1S-1S level- 1,*L2 - 1S-1S lcvcl-2 
ia - 1S-1S inter area, * - candidate default, L* - pcr-uscr static route 
o - ODR, P -periodic downloaded static route 

Gateway of last resort is not set 

R 1.0.0.0 8 [120 r via 131.1. 12.1, 00:00:21, ScrialO/0.21 
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C 2.0.0. 0/8 i s d i rec t ly co n nee ted , Loo p b ac kO 










C 200. 1.23.0/24 is directly connected. Tunncl23 












R 3.0.0.0/8 [120/1 J via 131.1.23.3, 00:00:18, Scrial0/0_23 












C 200 . 1 . 1 2.0/24 is directly connected, Tunncl21 












1 0.0.0.0/24 is subnet ted, 3 subnets 












() 10.3.3.0 [110/11 112] via 200.1.23.3, 00:03:43, TunnelZ3 












C 10.2.2.0 is directly connected. FastEthcrnctO/0 












() 10.1.1.0 [110/11112] via 200.1.12.1, 00:03:43, Tunnel21 












131.1.0.0/24 is subnetted, 2 subnets 












C 131.1.12.0 is directly connected, ScrialO/0.21 












C 131.123.0 is directly connected, ScrialO'0.23 












On R3 












R3"Sho\v ip route 












Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP 












D - E1GRP, EX - E1GRP external, - OSPF, 1 A - OSPF inter area 












XI - OSPF NSSA external type 1 , N2 - OSPF NSSA external type 2 












El - OSPF external type 1, E2 - OSPF external type 2 












i - 1S-1S, su - 1S-1S summary, LI - 1S-1S level-l.LZ - IS- IS lcvcl-2 












ia - 1S-1S inter area, * - Candidate default, U - pcr-uscr static route 












o - ODR, P - periodic downloaded static route 












Gateway of last resort is not set 












R 1 .0.0. 0/8 [ 120/2] via 131. 1 .23.2, 00:0O: 1 9, ScrialO/0.32 












R 2.0.0. 0/8 [ 120/1 J via 131. 1 .23.2, 00:0O: 1 9, SerialO/0.32 












C 200. 1.23.0/24 is directly connected, Tunncl32 












C 3.0. . 0/8 i s di rcc t ly co n n cc ted , Loo p b ac kO 












() 200.1.12.0/24 1110/222221 via 200.1.23.2, 00:02:40, Tunnel32 












10.0.0.0/24 is subnet ted, 3 subnets 












C 10.3.3.0 is directly connected, FastEthcrnctO/0 












() 10.2.2.0 1 110/11 1 12] via 200.1 .23.2, 00: 02:40, Twiiit!l32 












1 0. 1. 1.0 1 11 0/222231 via 200.1 .23.2, 00: 02:40, Tunne.32 












131.1.0.0/24 is subnetted, 2 subnets 












R 131.1.12.0 [120/1 J via 131.1.23.2, 00:00:20, ScrialO/0.32 












C 1 31. ! .23.0 is directly connected, ScrialQ'0.32 










Task 4 








Erase the startup con fig and reload the routers before proceeding to the next 


lab. 
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Lab 3 - Configuration of CRE Tunnel III 



10. 1.1.1. '24 




SO/0.1 Z SO'0.13 

131.1.12.1 f2A 131. 1.13.1. '24 



^ 



SO/0.2 
131.1.12.2 HA S3/D.23 

Lo ° J31.123.3.'24 





,50-0.31 

131. 1.1 3.3. !2A ._ 

131. 1.23.3. '24 




'Z2.2.2:14 



'=.3.3.3 .'24 



l.al> Setup: 

> The routers should be configured in a full mesh point-to-point Frame* relay 

> The FQ.'O interlace of Rl should be in VLAN 1 0, R2*s F0/0 should be configured 
in VLAN 20 and R3's FO/0 should be configured in VLAN 30. 

> L'sc the lb Mowing ] P addressing c hart to configure IP addressing on the routers. 

> Run RIPv2 on the links that connect the routers (131.1.12.0, 131.1. 13.0, 
131.1.23.0). 
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IP aikli'L'ssinjJ and PL. CI information Chart: 



Routers ' Intf 


IP address 


Local DLC1 


Rl SO/0.12 


131.1.12.1/24 


102 


Rl SO/0.13 


131.1.13.1/24 


103 


FO/0 


10.1.1.1 /24 




LoO 


1.1.1.1 ti 




R2 SO 0.21 


131.1.12.2/24 


201 


R2 SO/0.23 


131.123.2/24 


203 


F0 


10.222 /24 




LoO 


"» .2.2.2 8 




R3 SO 0.31 


131.1.13.3/24 


301 


R3 SO/0.32 


131.1.23.2/24 


302 


E-nn 


10.3.3.3 ,24 




LoO 


~1 1 1 1i i'O 





Task I 

Run OSPF on the Private networks and ensure that these networks can reach each other 
through the GRE Tunnel When configuring the Tunnel intcrtacc/s ensure that 
redundancy is provided such that if a link is down the tunnel remains in up state and 
r cac ha.b i I ity i s pro v ided t hr o ug h t h c a It crn at c ro u t c. 



To accomplish this task the most reliable interface should he used to establish the 
tunnels, remember that you should have reachability to the Loophack interfaces via 
multiple paths or else the redundancy will not work. 

On Rl 



Rl (con fig )?rra Liter rip 

R 1 (config-roLitcr)#nctwork 1 . 0.0.0 

R 1 (co n fig-ro u t cr)#nctwo r k 131.1. 0. 

On R2 



R2(config)#routcr rip 
R2(config-roLitcr)*nctwork 2.0.0.0 
R2(config-routcr)*nctwork 13 1 .1 .0.0 



On R3 



R3(config)^routcr rip 
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R3(config-routcr)#nct\vork 3. 0.0.0 
R 3 ic o n fig-ro u t cr)# net wo rk 131.1. 0. 

To establish the tunnels: 

On Rl 

R 1 (co n fig)# in t tun ncl 1 2 

Rl (config-ii>ip address 200. 1.12.1 255.255.255.0 

Rl (config-if)#tunncl so urcc loO 

Rl (config-if)#tunncl destination 2.2.2.2 

Rl(config)#int tunnel 1 3 

R 1 (co n fig- if)#ip addrcs s 2 00 . 1 . 1 3 . 1 25 5 .25 5 2 5 5 .0 

Rl (config-if)rrtLinncl so urcc LoO 

Rl (config-if)#tunncl destination 3.3.3.3 

On R2 

R2(config)#int tunnel 2 1 
R2(config-it>ip address 200.1 . 12.2 255.255 
R2(config-if)#tunncl so urcc LoO 
R2(config-if)rTtunncl destination 1.1.1.1 

R2(config)#int tunnel 23 
R2(config-ii>ip address 200. 1.23.2 255.255 
R2(eonfig-if)#tunncl so tree LoO 
R2(config-if)#tunncl destination 3.3.3.3 

On R3 

R3(config)#int tunnel 3 1 

R3(config-ii>ip address 200.1. 13.3 255.255.255.0 
R3(config-if)#tunncl so urcc LoO 
R3(config-if)#tunncl destination 1.1.1.1 

R3(config)#int tunnel 32 

R3(config-if)#ip addrcss200.1.23.3 255.255.255.0 
R3(config-if)#tunncl so urcc LoO 
R3(config-if)#tunncl destination 2.2.2.2 

To run OS 1*1-' in the tunnel: 
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On Rl 

Rl(config)#rautcrospi' I 

R 1 (config-roLitcr)#nctwork 200.1 . 12. 1 0. 0.0.0 area 
R 1 (co n fig-ro li tcr )#nctwo rk 200.1.13. 1 0. .0.0 area 
Rl (con fig-ro utcr)#nctwork 10.1.1.1 0.0.0.0 area 

On R2 

R2iconfig)rrrautcrospf I 

R2(config-routcr)f*nctwork 10.2.2.2 0.0.0.0 area 
R2(config-roLitcr)#nctwork 200.1.12.2 0.0.0.0 arcafl 
R2(config-routcr)r*nctwork 200.1.23.2 0.0.0.0 arcaO 

On R3 

R3 (co n fig )** r a u t cr o sp f 1 

R3(config-roLitcr)f*nctwork 10.3.3.3 0.0.0.0 area 
R3(config-roLitcr)#nctwork 200.1.13.3 0.0.0.0 arcaO 
R3(config-roLitcr)#nctwork 200.1.23.3 0.0.0.0 area 

To test the configuration: 

On Rl 

R 1^ Show ip route 

Codes: C - connected, S - Static, R - RIP, M - mobile, B - BGP 

D - E1GRP, EX - E 1GRP external O - OSPF, I A - OSPF inter area 
XI - OSPF XSSA external type 1 , X2 - OSPF XSSA external type 2 
El - OSPF external type 1 , E2 - OSPF external type 2 
i - IS-1S, su - 1S-1S summary, LI - 1S-IS level- 1 , L2 - IS-IS lcvcl-2 
ia - 1S-1S inter area, * - candidate detail It, L" - pcr-uscr static route 
o - ODR, P - periodic downloaded static route 

Gateway of last resort is not set 

C 1 .0.0.0/8 is directly connected, LoopbackO 
R 2.0.0. 0/8 [120/1 J via 131.1.12.2, 00:00:25, ScrialO/0.12 
() 200.1.23.0/24 [110/222221 via 200.1.13.3, 00:00:20, Tunnell3 
|110.'222221 via 200.1.12.2, 00:00:20, Tunnel 12 
R 3.0.0. 0'8 [120/1 J via 131.1.13.3, 00:00:03, Scrial0/0.13 
C 200. 1. 12.0/24 is directly connected. Tunnel 1 2 
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C 200. 1 . 1 3. '24 is directly connected, Tunnel 13 










10.0.0.0/24 is subnetted, 3 subnets 












10.3.3.0 * [110/1 1I12| via 200.1.13.3, 00:00:20, Tunnell3 












10.2.2.0|110/111121 via 200.1.12.2, 00:00:21, Tunnel 12 












C 1 0. 1 . 1 .0 is directly connected, FastE t hcrnctO/0 












13 LI. 0.0/24 is subnetted, 3 subnets 












C 1 3 1. 1 .12.0 is directly connected, ScrialO/0. 12 












C 131.1. 1 3.0 is directly connected, ScrialO'0. 1 3 












R 131.1.23.0 [120/1 J via 131 .1.13.3, 00:00:05, Serial 0/0.13 












[ 1 20/ 1 1 via 1 3 1 . 1 . 1 2. 2, 0:00:27, ScrialO'0. 12 












On R2 












R2*Show ip route 












Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP 












D - EIGR.P, EX - E 1GRP external, O - OSPF, 1 A - OSPF inter area 












NT - OSPF NSSA external type 1, N2 - OSPF N'SSA external type 2 












El - OSPF external type 1 , E2 - OSPF external type 2 












i - IS-1S, su - IS-IS summary, LI - 1S-1S level- 1, L2 - 1S-1S lcvcl-2 












ia - 1S-1S inter area, * - candidate default, L" - per- user static route 












o - ODR, P -periodic downloaded static route 












Gateway oflast resort is not set 












R 1 .0.0. 0/8 [120/1 J via 131.1.12. 1, 00:00:04, ScrialO/0.21 












C 2.0.0. 0/8 i s d i rec t ly co n n cc ted , Loo p b ac kO 












C 200. 1.23.0/24 is directly connected, Tunncl23 












R 3.0.0.Q.'8 [120/1] via 1 3*1 .1 .23.3, 00:00:26, ScrialO/023 












C 200. 1.12. D/24 is directly con nee ted, Tunncl21 












O 200.1.13.0/24 1110/222*221 via 200.1.23.3, 00:03:16, Tunnel23 












1110/222221 via 200.1.12.1, 00:03:16, Tunnel 21 












10.0.0.0/24 is subnetted, 3 subnets 












O 10.3.3.0 J 110/1 11 12] via 200.1.23.3, 00:03:16, Tunnel23 












C 1 0. 2 2 .0 is d ircc tly co nn cc ted , FastE t hcrnctO/0 












() 10.1.1.0(110/111121 via 200.1.12.1, 00:03:17, Tunnel21 












131.1.0.0/24 is subnetted, 3 subnets 












C 1 3 1. 1 .12.0 is directly connected, ScrialO'0. 21 












R 131.1.13.0 [120/1] via 131.1.23.3,00:00:01, ScrialOO.23 












[ 1 20/ 1 J via 1 3 1 . 1 . 1 2 . 1 , : 00: 6 , ScrialO'0 .2 1 












C 1 31.1 .23.0 is directly connected, ScrialO'0.23 












On K3 
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R3#5how ip route 

Codes: C - connected, S - static, R- RIP, M - mobile, B - BGP 

D - EIGRP, EX - EIGRP external, - OSPF, I A - OSPF inter area 
XI - OSPF XSSA external type 1 , X2 - OSPF XSSA external type 2 
El - OSPF external type 1 , E2 - OSPF external type 2 
i - IS-IS, su - IS-IS summary, LI - IS-IS level- 1 , L2 - IS-IS lcvcl-2 
ia - IS-IS inter area, * - candidate default, L" - pcr-user static route 
o - ODR, P - periodic downloaded static route 

Gateway of last resort is not set 

R 1 .O.O.Q'8 [ 120/1 J via 131.1.1 3. 1, 00:00:09, ScrialO/0.3 1 
R 2.0.0. 0:8 [120/1] via 131.1.23.2, 00:00:08, ScrialO/0.32 
C 200. 1.23.0/24 is directly connected, Tunncl32 
C 3.0.0.0'8 is directly connected, LoopbackO 
O 200.1.12.0/24 1110/222221 via 200.1.23.2, 00:04:46, Tunnel32 
1110/222221 via 200.1.13.1, 00:04:46, Tunnel 31 
C 200. 1 . 1 3.0/24 is directly connected, TunncBl 

10.0.0.0.24 issubnetted, 3 subnets 
C 10.3.3.0 is directly connected, FastEthcrnctO/0 
O 10.12.0 1 110/11 1 121 via 200.1 .23.2, 00: 04:47, Tunnel32 
() 1 0. 1.1.0 1 110/ 111121 via 200.1 .13.1, 00: 04:47, Tunnel 3 1 

131.1.0.0/24 is sub net ted, 3 subnets 
R 131.1.12.0 [120/1 J via 131.1.23.2, 00:00:09, Serial 0/0.32 
[ 1 20/ 1 J via 1 3 1 . 1 . 1 3 . 1 , : 00: 1 , ScrialO'O . 3 1 
C 131. 1 .1 3.0 is directly connected, ScrialQ.0.31 
C 131.1 23.0 is directly connected, ScrialQ'0.32 

To test the configuration: 

On K3 

R3(config)#int SO/0.32 
R3fconf1g-subif)^shut 

R3#Show ip route 

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP 

D - EIGRP, EX - EIGRP external, O - OSPF, LA - OSPF inter area 
XI - OSPF XSSA external type 1 , X2 - OSPF XSSA external type 2 
El - OSPF external type 1 , E2 - OSPF external type 2 
i - 1S-1S, su - IS-IS summary, LI - 1S-1S level- l t L2 - IS-IS lcvcl-2 
:a - 1S-1S inter area, * - candidate dcfau.t, I." - pcr-user static route 
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o - DDR, P -periodic downloaded static route 

C3 ate way of last resort is not set 

R LO.0.0'8 [120/1] via 131.1.13. L 00:00:1 1, SerialO/0.31 

R 2.0.0.08 [120/2] via 131.1.13. 1, 00:00:11, ScrialO/0.31 

C 200. 1.23.0/24 is directly connected, Tunncl32 

C 3.0.0. 0/8 i s d i rec t ly co n nee ted , Loo p bac kO 

200. 1. 12.0/24 [ 1 10/22222] via 200.1 . 13. 1, 00:00:00, Tunncl3 1 

C 200. 1 . 1 3.0/24 is directly connected, Tunnel 31 

10.0.0.0/24 is subnet ted, 3 subnets 
C 10.3.3.0 is directly connected. FastEthcrnctO/0 
() 10.2.2.01 110/222231 via 200.1.13.1, 00:00:00, Tunnel31 
O 10.1.1.0|110/H1121 via 200.1.13.1, 00:00:01, Tunnel31 

131.1.0.0/24 is subnetted, 3 subnets 
R 1 3 1. 1 . 1 2.0 [ 120/1 j via 131.1.13.1, 00:00: 1 2, ScrialO'0.3 1 
C 131.1.13.0 is directly connected, ScrialO/0.31 
R 1 3 1 . 1 .23.0 [ 120/2] via 1 3 1 . 1 . 1 3 . 1 , 00:00: 1 4, ScrialO/0.3 1 

Note R3"s mutiny table converged: therefore, R3 can reach 10.1.1.0/24 and 10.2.2.0 
•24 through 200.1.13.1. 



Task 2 

Erase the startup config and reload the routers before proceeding to the next lab. 
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Lab 4 - GRE & Recursive loops 



LoO 




Lap 



FO/0 



10.1.120/24 




10.1.23.0/24 



L<$- 




[,nb Setup: 

> Configure the F 00 interface o f R l and R2 in VL AN 12. 

> Configure the FO/1 interface of R2 S R3 in VLAN 23. 

II* a drills sing: 



Router 


Interface/ IP address 


Rl 


FQO =10.1.12.1/24 
LoopbackO = 1.1.1.1/8 


R2 


FWO = 10.1.12.2 '24 
Fll'l =1(1.1.23.2 '24 
LoopbackO =2.2.2.2 /8 
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R3 



FO 1 = 10.1.23.3 24 

LoopbackO =3.3.3.3/8 



Task 1 



Configure RlPv2 on these routers and advertise their directly connected networks. 



On Rl 



Rl (config)nraLitcr rip 

Rl (conf]g-routcr)#no au 

R I (config-routcr)#vcr 2 

Rl (config-routcrY^nctw 1 . 0. 0.0 

R 1 fco n fig-ro li tcr)# nctw 1 . 0. 0. 



On R2 



R2(config>H ! rautcr rip 
R2(config-roLitcr)r#no au 
RZiconfig-routcr^vcr 2 
R2i;config-roLitcr)^netw 1 0.0.0.0 

On R3 



R3(cont'ig)#rautcr rip 
R 3 (c o n fig-ro u t cr)#no au 
R3 (co n fag-ro u t cr ) U \ cr 2 
R3(config-roLitcr)#netw 1 0.0.0.0 
R3(config-routcr)#nctw 3.0. 0.0 



10 verify the configuration: 



On Rl 



RlnSh ip route rip 

R 3.0.0.0/8 [ 120/2] via 10.1.12.2, 00:00: 14, FastEthernctO, Q 

10.0.0.0/24 is submitted, 2 subnets 
R 10.123.0 [120/1 J via 10.1.122, 00:00:14, FastEthcrnctO/0 
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On R2 

R2#Show ip route rip 

R 1 .0.0.0/8 [120/1 J via 1 0. 1.12.1, 00:00:24. EthcractO/0 
R 3.0.0. 0/8 [120/1] via 10.1.233, 00:00:02, EthcrnctO/1 

On R3 

R3rrSho\v ip route rip 

R 1 .0.0.0/8 1120/2] via 10.1. 23.2, 00:00: 1 3, FastEthernctO'l. 

10.0.0.0/24 is subnetted, 2 subnets 
R 10. 1.12.0 [120/1] via 10. 1.23.2, 00:00:13, FastEthcrnetO/1 






Task 2 

Configure a GRE tunnel from Rl to R3, the ip address of this tunnel interface should be 
200. 1.1.1 /24 and 200. LI J for Rl and R3 respectively. The tunnel source should be 
based on theloopbackO interface of these routers. R3 should use LoO interface of Rl. 
whereas, Rl should use LoO interface of R3 as their tunnel destination. 






On Rl 

Rli;config)#inttuI 

Rli;config-il>ip addr 200. 1. 1.1 255.255.255.0 

R 1 (config-if)#tunncl so urcc loO 

Rl (config-if)#tunncl destination 3.3.3.3 

On R3 

R3(config)#inttul 

R3i;config-it>ip addr 200. 1. 1.3 255.255.255.0 
R3(config-if)rTtunncl so urcc k)0 
R3(config-if)#tunncl destination 1 . 1 . 1 . 1 

To verify and test the configuration: 

On Rl 
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Rl#5how ip int brie i Inc Tunnel 1 

Tunncll 200. 1 . 1 . i YES manual up 

Rl*Ping 200.1.1.3 



up 



Type escape sequence to abort. 

Sending 5 r 100-bytc 1CMP Echos to 200. 1.13, timeout is 2 seconds: 

t M M 

Success rate is 100 percent (5/5), round-trip min.'avg'max = 48/73 / 100 ms 

On R3 

R3"Sho\v ip int brie 1 Inc Tunncll 

Tunncll 200.1.1.3 YES manual up up 

R3#Ping200.LLl 

Type escape sequence to abort. 

Sending 5 r 100-bytc ICMP Echos to 200. 1.1.1, timeout is 2 seconds: 

(MM 

Success rate is 100 percent (5/5), round- trip min.'avg'max = 32/74/136 ms 
Note the Tunnell interface is in LP/LP state. 



Task 3 

Configure Eigrp 100 through t lie tunnel interface of Rl and R3: these routers should 
advertise their LoopbackO interface in this routing protocol. 



On Rl 

R 1 (c o nfig )#Ro u tcr eigrp 1 00 
R I (c o nfig- ro u t cr )# no au 
Rl(config-routcr)#nctw 200. 1.1.0 

R 1 ic onfig- router)** net \v 1 . 0. 0.0 

On R3 
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R3iconf1g)#Routcr cigrp 1 00 
R3 1 c a nfig - ro u t cr )#no au 
R3(config-routcr)#nctw 200. 1.1.0 
R3 (c a nfig- ra uter)#netw 3. 0. .0 

Note you should get the following messages on these routers, the following shows the messages 
received on Rl: 

&DUAL-5-NBRCHANGE: lP-hlGRP{0) 100: Neighbor 200. 1. 1J (Tunnel I) is up: new adjacency 
&DUAL-5-N BRCHANGE: IP-ERjRP(0) 100: Neighbor 200.].] .3 (Tunnel 1) is down: holding time expired 
&DUAL-5-NBRCHANGE: H'-EIGKJ'fO) 100: Neighbor 200.].]. 3 {Tunnel]) is up: new adjacency 

%T U N-5-R hC U RDG WN: Tunnel! temporarily disabled due ro recursive routing 

"Mar I 01:1454.243: &1JNEPROT0-5-UPDGWN: Line protocol on Interface runnel:, changed state to down 

%DUAL-5-N BRCHANGE: IP-EIGRP(0) 100: Neighbor 200. 1.1. 3 (Tunnel 1) is down: interface down 

The tunnel interface status depends on the IP reachability to the tunnel destination; in this case 
Rl and R3 iind that reachability through RIPv2. But since the tunnel destination (LoO) is also 
advertised through Eigrp, therefore, when the tunnel comes up, these routers iind a better route 
through Eigrp to the tunnel destination (Eigrp's Administrative distance being lower than RIP), 
therefore, they find the reachability to the tunnel destination through the tunnel and that's what 
causes the recursive loops. 



Task 4 

Configure Rl and R3 such that the tunnel interface docs NOT Hap and it stays in L'P/L'P 
state, you should NOT configure a static route, or stop advertising this interface in Eigrp 
to accomplish this task. 



To fix this problem an access-list list is configured to identify the IP address of the 
tunnel destination. (hen. the administrative distance of this route is configured to be 
lower than Eigrp's administrative distance. 

Note once these commands are entered, the routers will find a better route (RlPv2) 
than Eigip to the IP address of the tunnel destination. 

On Rl 



R I (con fig ^access- list 1 permit 3.0.0.0 

R! (eo nfig^Ro Liter rip 

Rlfconfig-roLitcD^distance 89 0.0.0.0 255.255.255.255 1 
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Rl "Clear ip route * 

Rl^Sh ip route rip 

R 3.0.0.0'8 [89/2] via 10. 1. 12.2, 00:00:02, FastEtbcmctO/0 

10.0.0.0/24 is subnet ted, 2 subnets 
R 10. 1.23.0 [120/1] via 10.1.12.2, 00:00:02, FastEthcrnctO/0 



Task 5 

Erase the startup configuration and reload the routers before proceeding to the next lab. 



CCIE R&S b) Narbik KoiharifliiS Advanced CCIE R&S Wurk Bduk 10 Page 1068 of 

C 2009 Narbik. Knclinrinni. All rig his raerved 



